Microsoft Azure NSG Flow Logs

Version: 2.0.0

NSG flow logs are stored in a storage account as block blobs, which are made up of smaller blocks. A separate block blob is generated for each hour, and each blob is updated with new entries every few minutes as the latest data arrives.

Connect Microsoft Azure NSG Flow Logs with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Microsoft Azure NSG Flow Logs.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Storage Account Name: Storage Account name in which logs are stored.
    • Storage Account Access Key: Access key required for authentication to the Microsoft Azure Storage account.
  4. After you've entered all the details, click Connect.

Actions for Microsoft Azure NSG Flow Logs

Get Logs

Fetches flow log tuples from Azure NSG flow logs. Blocks are generated per minute, so a query over a larger time range issues more requests (one request per minute of the time range). For example, a one-hour range hits Azure servers 60 times to fetch all the data, which is split across 60 files, and is correspondingly slow.
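To make the request count concrete, the following added example (not LogicHub's code) takes a Start Time and End Time in the ISO format the action accepts, normalizes them to UTC, and lists the per-minute block slots and the hourly blobs they fall into. It assumes exactly what the page states: one block per minute and one blob per hour; the half-open interval is chosen so that a whole hour yields exactly 60 requests.

```python
"""Estimate the per-minute block requests the Get Logs action makes for a
time range. Added example; not LogicHub's code. It assumes what the page
states: one block per minute, one blob per hour, and ISO 8601 input times
carrying a UTC offset (e.g. 2019-09-26T07:58:30.996+02:00)."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List


def _to_utc(iso: str) -> datetime:
    # Python 3.7+ fromisoformat accepts milliseconds and an explicit offset.
    t = datetime.fromisoformat(iso)
    if t.tzinfo is None:
        raise ValueError(f"time must carry a UTC offset: {iso!r}")
    return t.astimezone(timezone.utc)


def minute_slots(start_iso: str, end_iso: str) -> List[datetime]:
    """Return the UTC minute boundaries in [floor(start), end), one per block
    request. The half-open interval gives exactly 60 slots for a whole hour,
    matching the figure on the page."""
    start = _to_utc(start_iso).replace(second=0, microsecond=0)
    end = _to_utc(end_iso)
    if end <= start:
        raise ValueError("end must be after start")
    slots: List[datetime] = []
    t = start
    while t < end:
        slots.append(t)
        t += timedelta(minutes=1)
    return slots


def blobs_by_hour(slots: List[datetime]) -> Dict[datetime, int]:
    """Group minute slots by the hourly blob they belong to, so you can see
    how many distinct blobs (and how many blocks in each) a query touches."""
    out: Dict[datetime, int] = {}
    for t in slots:
        hour = t.replace(minute=0)
        out[hour] = out.get(hour, 0) + 1
    return out


if __name__ == "__main__":
    # Constructed range: a few minutes straddling an hour boundary in UTC.
    s = minute_slots("2019-09-26T07:58:30.996+02:00", "2019-09-26T08:02:00+02:00")
    print(len(s), "requests;", {h.isoformat(): n for h, n in blobs_by_hour(s).items()})
```

Running the script shows that a range of under four minutes local time still touches two hourly blobs, because the 08:00+02:00 boundary is 06:00 UTC; sizing the Start Time and End Time to the data you actually need keeps the request count, and the action's runtime, down.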

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Resource Group (Required): Resource group to which the storage account is linked.
  • NSG Name (Required): NSG name for which logs are to be retrieved.
  • Mac Address (Required): Jinja-templated MAC address for which logs are to be retrieved. Example: 000D3AF65286.
  • Start Time (Required): Start time in ISO format for logs to be retrieved. Example: 2019-09-26T07:58:30.996+02:00. Default is the execution start time.
  • End Time (Required): End time in ISO format for logs to be retrieved. Example: 2019-09-26T07:58:30.996+02:00. Default is the execution end time.

Output

An array of JSON objects, one per row, each containing the following items:

  • has_error: True/False
  • error: message/null
  • result: flow log tuple
{
   "error":null,
   "has_error":false,
   "result":"1620057588,10.0.0.4,20.150.87.132,48486,443,T,O,A,E,0,0,0,0"
}
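The `result` string above is the raw flow tuple, so a playbook that wants to alert on it has to split it into fields first. The following added example (not LogicHub's or Microsoft's code) parses the action's output rows, skips rows with has_error set, and counts denied inbound flows. The field layout it assumes is the NSG flow log version 2 tuple: timestamp, source IP, destination IP, source port, destination port, protocol (T/U), direction (I/O), decision (A/D), flow state (B/C/E), then packets and bytes in each direction; rows in state B carry empty counters, which the parser keeps as None rather than zero. The sample rows other than the page's own are constructed for the demonstration.

```python
"""Parse the `result` tuples from the Get Logs action and summarise them.
Added example; not LogicHub's or Microsoft's code. Assumes the NSG flow
log version 2 tuple layout described in the lead-in."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

PROTOCOL = {"T": "TCP", "U": "UDP"}
DIRECTION = {"I": "inbound", "O": "outbound"}
DECISION = {"A": "allowed", "D": "denied"}
STATE = {"B": "begin", "C": "continuing", "E": "end"}


@dataclass
class FlowTuple:
    timestamp: datetime
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str
    direction: str
    decision: str
    state: str
    packets_s2d: Optional[int]
    bytes_s2d: Optional[int]
    packets_d2s: Optional[int]
    bytes_d2s: Optional[int]


def _counter(field: str) -> Optional[int]:
    # Counters are empty strings on 'B' (begin) rows; keep them as None
    # rather than silently turning missing data into 0.
    return int(field) if field != "" else None


def parse_flow_tuple(raw: str) -> FlowTuple:
    parts = raw.strip().split(",")
    if len(parts) != 13:
        raise ValueError(f"expected 13 fields, got {len(parts)}: {raw!r}")
    ts, src, dst, sport, dport, proto, direction, decision, state = parts[:9]
    for code, table, name in ((proto, PROTOCOL, "protocol"),
                              (direction, DIRECTION, "direction"),
                              (decision, DECISION, "decision"),
                              (state, STATE, "state")):
        if code not in table:
            raise ValueError(f"unknown {name} code {code!r} in {raw!r}")
    return FlowTuple(
        timestamp=datetime.fromtimestamp(int(ts), tz=timezone.utc),
        src_ip=src, dst_ip=dst,
        src_port=int(sport), dst_port=int(dport),
        protocol=PROTOCOL[proto], direction=DIRECTION[direction],
        decision=DECISION[decision], state=STATE[state],
        packets_s2d=_counter(parts[9]), bytes_s2d=_counter(parts[10]),
        packets_d2s=_counter(parts[11]), bytes_d2s=_counter(parts[12]),
    )


def summarise_rows(rows: List[Dict]) -> Dict[str, object]:
    """Walk the action's output rows (has_error / error / result), collect
    error messages, and count denied inbound flows with their target ports."""
    flows: List[FlowTuple] = []
    errors: List[str] = []
    for row in rows:
        if row.get("has_error"):
            errors.append(str(row.get("error")))
            continue
        flows.append(parse_flow_tuple(row["result"]))
    denied_in = [f for f in flows if f.decision == "denied" and f.direction == "inbound"]
    return {
        "flows": len(flows),
        "errors": errors,
        "denied_inbound": len(denied_in),
        "denied_inbound_dst_ports": sorted({f.dst_port for f in denied_in}),
    }


# Constructed sample rows mimicking the action's output: the first row is the
# page's own example, the rest are made up (203.0.113.0/24 is documentation space).
SAMPLE_ROWS = [
    {"error": None, "has_error": False,
     "result": "1620057588,10.0.0.4,20.150.87.132,48486,443,T,O,A,E,0,0,0,0"},
    {"error": None, "has_error": False,
     "result": "1620057590,203.0.113.7,10.0.0.4,51234,22,T,I,D,B,,,,"},
    {"error": None, "has_error": False,
     "result": "1620057591,203.0.113.7,10.0.0.4,51235,3389,T,I,D,B,,,,"},
    {"error": "blob not found", "has_error": True, "result": None},
]

if __name__ == "__main__":
    print(summarise_rows(SAMPLE_ROWS))
```

The error rows are kept separate from the parsed flows so a missing blob (for example, a minute with no traffic) does not abort the whole batch, while an unexpected field count or code still raises, since a silently mis-parsed tuple would corrupt any detection built on it.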

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

© 2017-2021 LogicHub®. All Rights Reserved.