Created
May 18, 2017 01:24
Network Security Group flow logs are a feature of Network Watcher that lets you view information about ingress and egress IP traffic through a Network Security Group. These flow logs are written in JSON format and show outbound and inbound flows on a per-rule basis, the NIC the flow applies to, 5-tuple information about the flow (Source/Des…
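# Enables Network Watcher NSG flow logs for every Network Security Group in the
# subscription chosen at the prompt, sending the logs to a single storage account
# with retention switched on.
#
# NOTE(review): the AzureRM module used here has been retired in favour of the Az
# module; the cmdlet names are kept as the author wrote them.
# NOTE(review): flow logs record per-flow traffic metadata (5-tuple, NIC, rule), so
# read access to the target storage account should be limited to the people and
# tools that analyse them.

#variables
$ResourgeGroupName = Read-Host "Please provide name of ResourgeGroup that will be used for saving the NSG logs"
$StorageAccountLogs = Read-Host "Please provide name of Storage Account that will be used for saving the NSG logs"
$retentionperiod = Read-Host "Please provide retention period"

# Read-Host returns a string. Parse it up front so a typo stops the run here rather
# than failing once per NSG inside the loop. Any upper bound enforced by the service
# is not checked here.
$retentionDays = 0
if (-not [int]::TryParse($retentionperiod, [ref]$retentionDays) -or $retentionDays -lt 0) {
    throw "Retention period must be a whole number of days (0 or greater), got '$retentionperiod'."
}

#Login to the Azure Resource Management Account
#Login-AzureRmAccount

#region Get Azure Subscriptions
# @() keeps .Count meaningful when exactly one subscription is returned.
$subscriptions = @(Get-AzureRmSubscription)
if ($subscriptions.Count -eq 0) {
    throw "No subscriptions are visible to the current login."
}

$menu = @{}
for ($i = 1; $i -le $subscriptions.Count; $i++) {
    Write-Host -Object "$i. $($subscriptions[$i-1].Name)"
    $menu.Add($i, ($subscriptions[$i-1].Id))
}

# Reject anything that is not one of the numbers just printed; otherwise the lookup
# below yields $null and the context would silently stay on the previous subscription.
[int]$ans = 0
$rawSelection = Read-Host -Prompt 'Enter selection'
if (-not [int]::TryParse($rawSelection, [ref]$ans) -or -not $menu.ContainsKey($ans)) {
    throw "Selection '$rawSelection' is not one of the listed subscriptions."
}

$subscriptionID = $menu.Item($ans)
$subscription = Get-AzureRmSubscription -SubscriptionId $subscriptionID
Set-AzureRmContext -SubscriptionName $subscription.Name
#endregion

$subId = (Get-AzureRmContext).Subscription.Id
$subName = (Get-AzureRmContext).Subscription.Name

# Register the provider only after the context is set, so the registration lands on
# the subscription the operator picked and not on whichever one was current at start.
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Insights

#region Get Azure details
# Stop here if the storage account cannot be found; every later call depends on its Id.
$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName $ResourgeGroupName -Name $StorageAccountLogs -ErrorAction Stop
if ($null -eq $storageAccount) {
    throw "Storage account '$StorageAccountLogs' was not found in resource group '$ResourgeGroupName'."
}
$NWs = Get-AzurermNetworkWatcher -ResourceGroupName NetworkWatcherRg

# The NSG list does not change between regions, so fetch it once.
$allNsgs = Get-AzureRmNetworkSecurityGroup
#endregion

# NOTE(review): flow logs are expected to need a storage account in the same region
# as the NSG; with one storage account for all regions, NSGs elsewhere will probably
# be rejected by the service. Confirm, and use one account per region if so.
foreach ($NW in $NWs) {
    $NWlocation = $NW.location
    write-host "Looping trough $NWlocation" -ForegroundColor Yellow

    #region Enable NSG Flow Logs
    $nsgs = $allNsgs | Where-Object { $_.Location -eq $NWlocation }
    foreach ($nsg in $nsgs) {
        try {
            # Emit the current setting first so the previous configuration is visible
            # in the output before it is overwritten.
            Get-AzureRmNetworkWatcherFlowLogStatus -NetworkWatcher $NW -TargetResourceId $nsg.Id -ErrorAction Stop
            Set-AzureRmNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -StorageAccountId $storageAccount.Id -EnableFlowLog $true -EnableRetention $true -RetentionInDays $retentionDays -ErrorAction Stop
            # $(...) is required: a bare "$nsg.Name" expands $nsg and appends the literal ".Name".
            write-host "Diagnostics enabled for $($nsg.Name) " -BackgroundColor Green
        }
        catch {
            # Report the failure for this NSG and carry on, instead of printing a
            # success line for a change that was not applied.
            Write-Warning "Flow log configuration failed for $($nsg.Name): $($_.Exception.Message)"
        }
    }
    #endregion
}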
Does this work for anyone