General availability: Virtual network flow logs

Azure Network Watcher provides network monitoring and troubleshooting capabilities to increase observability and actionable insights with out of box health metrics and topology visualization, connectivity  monitoring, traffic monitoring and diagnostics suite.

Virtual network flow logs are a new capability of Network Watcher service that enable you to capture information about IP traffic flowing through your virtual networks for usage monitoring and optimization, troubleshooting connectivity, compliance, and security analysis. These flow logs provide a lightweight, scalable approach to address network observability needs.

Benefits:

• Record network traffic at the scope of virtual network, subnet, or NIC to meet audit and compliance needs.
• Identify top talkers in your network for usage monitoring and optimization to evaluate traffic levels and bandwidth consumption.
• Troubleshoot connectivity issues and identify blocked traffic due to Network Security Group (NSG) or Azure Virtual Network Manager rules.
• Observe encrypted traffic and evaluate encryption status of the traffic.
• Perform security analysis on network data to detect malicious activity.

Currently flow logs are supported on network security groups, this new functionality allows you to log traffic at the scope of your virtual networks. Flow data is sent to Azure Storage accounts. From there, you can access the data and export it to any visualization tool, Security Information and Event Management (SIEM) solution, or Intrusion Detection System (IDS) of your choice. You can also enable Traffic Analytics that aggregates and enriches flow data to provide advanced visibility into user and application activity as well as malicious IP communication in your networks.

Learn more about virtual network flow logs.

Read the blog announcement.