Enable an Azure function to forward NSG logs from your Azure Blob Storage account to your Logz.io account.
Before you begin, you'll need:
- An Azure Blob Storage account of the type StorageV2 (general purpose v2) dedicated to NSG logs and called Logzio_NSG_BLOB
- A virtual machine instance in an Azure resource group connected to the storage account
- Network Watcher enabled in the region of the virtual machine
Configure the NSG flow to your Azure Blob Storage account
Register Insights provider
- Log in to the Azure Portal.
- Navigate to All services > Subscriptions.
- Select the subscription that the Azure resource group belongs to.
- Select Settings > Resource providers.
- Make sure that Status for the microsoft.insights provider is set to Registered. If not, set it to Registered.
Enable NSG flow log
- For your VM, navigate to Networking > NSG > NSG flow.
- From the list of NSGs, select the NSG with the name of your VM.
- Set the Flow logs status to on.
- Select the required Flow logs version.
- In the Storage account field, select the Logzio_NSG_BLOB Azure Blob Storage account.
- Select the required retention period.
- If required, enable Traffic Analytics.
- Save the configuration.
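To help choose a Flow logs version and to sanity-check what lands in the storage account, the following added example (not part of the original page and not Logz.io's code) parses the JSON blob layout that Azure writes for NSG flow logs and lists denied inbound flows. Version 1 tuples have 8 fields; version 2 adds the flow state and packet/byte counters. The function names and the sample blob are constructed for illustration, and the page does not describe how the Logz.io function reshapes records before shipping them.

```python
import json

# Flow tuple field order; version 1 tuples stop after "decision".
FIELDS = ["timestamp", "src_ip", "dst_ip", "src_port", "dst_port", "protocol",
          "direction", "decision", "flow_state", "packets_src_to_dst",
          "bytes_src_to_dst", "packets_dst_to_src", "bytes_dst_to_src"]
NUMERIC = {"timestamp", "src_port", "dst_port"} | set(FIELDS[9:])

def parse_tuple(raw):
    """Turn one comma-separated flow tuple into a dict (empty counters -> None)."""
    parts = raw.split(",")
    if len(parts) not in (8, 13):
        raise ValueError(f"unexpected field count {len(parts)} in {raw!r}")
    return {name: (int(value) if value else None) if name in NUMERIC else value
            for name, value in zip(FIELDS, parts)}

def flatten(blob_text):
    """Return one event per flow tuple, tagged with the NSG rule and NIC MAC."""
    events = []
    for record in json.loads(blob_text)["records"]:
        for rule in record["properties"]["flows"]:
            for flow in rule["flows"]:
                for raw in flow["flowTuples"]:
                    events.append({**parse_tuple(raw),
                                   "rule": rule["rule"], "mac": flow["mac"]})
    return events

def denied_inbound(events):
    """Inbound flows the NSG dropped: direction I (inbound), decision D (denied)."""
    return [e for e in events if e["direction"] == "I" and e["decision"] == "D"]

# Constructed sample blob (documentation IP ranges, placeholder MAC), version 2.
SAMPLE = json.dumps({"records": [{
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{
            "mac": "000000000000",
            "flowTuples": ["1704067200,203.0.113.7,10.0.0.4,51514,3389,T,I,D,B,,,,"]}]},
        {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{
            "mac": "000000000000",
            "flowTuples": ["1704067201,10.0.0.4,198.51.100.9,44931,443,T,O,A,B,,,,",
                           "1704067260,10.0.0.4,198.51.100.9,44931,443,T,O,A,E,25,4409,15,2890"]}]},
    ]}}]})

if __name__ == "__main__":
    for event in denied_inbound(flatten(SAMPLE)):
        print(event["src_ip"], "->", event["dst_ip"], event["dst_port"], event["rule"])
```

In version 2, tuples with flow state B (begin) carry empty counters, which the parser returns as None rather than 0.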
Connect your Azure Blob Storage account to Logz.io
Open the link below and fill in the form according to the table.
| Parameter | Description | Required |
|---|---|---|
| Resource group | Select your existing resource group. | Required |
| Location | Select the same region as the Azure services that will stream data to this Blob Storage. | Required |
| Logzio host | Use the listener URL specific to the region where your Logz.io account is hosted. Click to look up your listener URL. The required port depends on whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071. | Required |
| Log shipping token | Your Logz.io log shipping token directs the data securely to your Logz.io Log Management account. The default token is auto-populated in the examples when you're logged into the Logz.io app as an Admin. Manage your tokens. | Required |
| Blob Storage Account Name | Logzio_NSG_BLOB | Required |
| Format | Select the supported parsing format: json | Required |
| Buffersize | The maximum number of messages the logger will accumulate before sending them all as a bulk. | |
| Timeout | The read/write/connection timeout in milliseconds. | |
At the bottom of the page, select Review + Create, and then click Create to deploy. Deployment can take a few minutes.
Only new logs that are created from the moment the integration process is complete are sent to Logz.io. Logs that were added before this integration are not sent to Logz.io.
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open OpenSearch Dashboards. You can filter for logs of azure_blob_trigger to see the incoming logs.
If you still don’t see your logs, see log shipping troubleshooting.