Enable NSG Flow and Traffic Analytics
<#
=======================================================================================
AUTHOR: Alexandre Verkinderen
DATE: 18/07/2019
Version: 1.0
Comment: bulk enable NSG flow logs and Traffic Analytics
=======================================================================================
#>
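#variables
# Resource group and storage account that will receive the raw NSG flow logs.
$ResourgeGroupName = Read-Host "Please provide name for the storage account ResourgeGroup that will be used for saving the NSG logs"
$StorageAccountLogs = Read-Host "Please provide name of Storage Account that will be used for saving the NSG logs"

# Read-Host returns a string. Validate it here so that a typo stops the script
# immediately rather than failing once per NSG when the value is later passed
# to -RetentionInDays.
# NOTE(review): the value decides how long flow records remain available for
# investigations; confirm it against the organisation's log-retention policy.
$retentionInput = Read-Host "Please provide retention period"
[int]$retentionperiod = 0
if (-not ([int]::TryParse($retentionInput, [ref]$retentionperiod)) -or $retentionperiod -lt 0) {
    throw "Retention period must be a non-negative whole number of days (got '$retentionInput')."
}

# Resource group and name of the Log Analytics workspace used by Traffic Analytics.
$omsrg = Read-Host "Please provide name of OMS ResourgeGroup that will be used for saving the NSG logs"
$oms = Read-Host "Please provide name of Log analytics workspace that will be used for saving the NSG logs"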
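#Login to the Azure Resource Management Account
# Connect-AzAccount is the cmdlet behind the Login-AzAccount alias.
Connect-AzAccount

# Flow logging requires the Microsoft.Insights resource provider. The rest of
# this script uses the Az module, so use the Az cmdlet here as well instead of
# the AzureRM one, which fails when only Az is installed.
# NOTE(review): this runs before the subscription is selected further down, so
# the provider is registered in whichever subscription is the default context
# after login - confirm that this is the subscription that holds the NSGs.
Register-AzResourceProvider -ProviderNamespace Microsoft.Insights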
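#region Get Azure Subscriptions
# Build a numbered menu of every subscription visible to the signed-in account.
# @() keeps .Count and indexing correct when only one subscription is returned.
$subscriptions = @(Get-AzSubscription)
if ($subscriptions.Count -eq 0) {
    throw "No Azure subscriptions are visible to the signed-in account."
}

$menu = @{}
for ($i = 1; $i -le $subscriptions.Count; $i++)
{
    Write-Host -Object "$i. $($subscriptions[$i-1].Name)"
    $menu.Add($i, ($subscriptions[$i-1].Id))
}

# Reject anything that is not one of the listed numbers. Without this check a
# mistyped answer yields an empty subscription id and the script carries on in
# whatever context happened to be active.
$selection = Read-Host -Prompt 'Select subscription where Log analytics and storage account resides'
[int]$ans = 0
if (-not ([int]::TryParse($selection, [ref]$ans)) -or -not $menu.ContainsKey($ans)) {
    throw "Invalid selection '$selection'. Enter a number between 1 and $($subscriptions.Count)."
}

$subscriptionID = $menu.Item($ans)
$subscription = Get-AzSubscription -SubscriptionId $subscriptionID
# Select by id rather than by display name: subscription names are not
# guaranteed to be unique, ids are.
Set-AzContext -Subscription $subscriptionID
#endregion

# Record the subscription that is now active for the rest of the script.
$subId = (Get-AzContext).Subscription.Id
$subName = (Get-AzContext).Subscription.Name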
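#region Get Azure details
# Resolve the log destinations up front and stop on the first failure. If either
# lookup came back empty, every flow-log call below would fail and no NSG would
# end up being logged.
# NOTE(review): flow logs record source/destination addresses and ports, so
# access to this storage account and workspace should be restricted - verify.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $ResourgeGroupName -AccountName $StorageAccountLogs -ErrorAction Stop
$workspace = Get-AzOperationalInsightsWorkspace -Name $oms -ResourceGroupName $omsrg -ErrorAction Stop

# Only Network Watchers in the resource group "NetworkWatcherRg" are considered.
$NWs = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -ErrorAction Stop
if (-not $NWs) {
    throw "No Network Watcher found in resource group 'NetworkWatcherRg'; flow logs cannot be enabled."
}
#endregion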
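#region Enable NSG Flow Logs
# Fetch the NSG list once instead of once per Network Watcher.
$allNsgs = @(Get-AzNetworkSecurityGroup)
# Names of NSGs for which flow logging could not be checked or enabled.
$failedNsgs = @()

Foreach ($NW in $NWs) {
    $NWlocation = $NW.Location
    write-host "Looping trough $NWlocation" -ForegroundColor Yellow

    # A Network Watcher is matched to the NSGs in its own location.
    $nsgs = $allNsgs | Where-Object { $_.Location -eq $NWlocation }
    Foreach ($nsg in $nsgs)
    {
        try {
            $flow = Get-AzNetworkWatcherFlowLogStatus -NetworkWatcher $NW -TargetResourceId $nsg.Id -ErrorAction Stop
            if ($flow.Enabled)
            {
                # An enabled flow log is left untouched, so its retention, format
                # version and Traffic Analytics settings are not verified here.
                write-host "flow already enabled"
            }
            else
            {
                # -ErrorAction Stop turns a failed call into an exception, so the
                # success message below is printed only when the call succeeded.
                Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -StorageAccountId $storageAccount.Id -EnableFlowLog $true -EnableRetention $true -RetentionInDays $retentionperiod -FormatType Json -FormatVersion 2 -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60 -ErrorAction Stop
                write-host "Flows enabled for " $nsg.Name
            }
        }
        catch {
            # Keep going with the remaining NSGs, but record the gap.
            $failedNsgs += $nsg.Name
            Write-Warning "Flow log NOT enabled for $($nsg.Name): $($_.Exception.Message)"
        }
    }
}

# NSGs in a location without a Network Watcher are never visited by the loop
# above; report them so the missing coverage is visible.
$watchedLocations = @($NWs | ForEach-Object { $_.Location })
$unwatchedNsgs = @($allNsgs | Where-Object { $watchedLocations -notcontains $_.Location })
Foreach ($nsg in $unwatchedNsgs) {
    Write-Warning "No Network Watcher for location $($nsg.Location); flow log not configured for $($nsg.Name)"
}

if ($failedNsgs.Count -gt 0) {
    Write-Warning "Flow logging could not be configured for $($failedNsgs.Count) NSG(s): $($failedNsgs -join ', ')"
}
#endregion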