Plugin Title | NSG Log Analytics Enabled |
Cloud | AZURE |
Category | Monitor |
Description | Ensures Network Security Group logs are sent to the Log Analytics workspace |
More Info | Enabling Log Analytics for Network Security Groups ensures that logs are shipped to a central repository that can be queried and audited. |
AZURE Link | https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs |
Recommended Action | Enable sending of logs to Log Analytics for each Network Security Group resource in the Azure Monitor. |
1. Log in to the Microsoft Azure Management Console.
2. Select the "Search resources, services, and docs" option at the top and search for Network Security Group.
3. Select the "Network Security Group" which needs to be verified.
4. On the "Network security groups" page, scroll down the left navigation panel and choose "Diagnostics Settings" under "Monitoring".
5. On the "Network security groups - Diagnostic Setting" page, if "No diagnostic settings defined" is shown, then logs for the selected "Network Security Group" are not sent to the Log Analytics workspace.
6. Repeat steps 2 - 5 to verify other "Network Security Groups".
7. Navigate to "Network Security Group", select the "Network Security Group" and choose "Diagnostics Settings" under "Monitoring".
8. On the "Diagnostic settings" page, click on the "Add diagnostic setting" option.
9. On the "Diagnostics Settings" page, enter the Name, click the checkbox for "Send to Log Analytics", and select an existing Log Analytics workspace or create a workspace. Under "log", select the checkboxes against "NetworkSecurityGroupEvent" and "NetworkSecurityGroupRuleCounter". Click on the "Save" button at the top to make the changes.
10. Repeat steps 7 - 9 to enable sending of logs to Log Analytics for each Network Security Group resource in the Azure Monitor.
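The same audit can be run over exported diagnostic settings instead of clicking through each NSG. The following is an added example, not part of the plugin: it assumes the settings are already collected per NSG in the Azure diagnostic-settings JSON shape (nested under `properties` or flat), and the NSG names, workspace ID and storage ID are constructed placeholders.

```python
# Log categories the remediation steps say to enable.
REQUIRED = {"NetworkSecurityGroupEvent", "NetworkSecurityGroupRuleCounter"}


def enabled_categories(setting):
    """Required-log categories one diagnostic setting ships to Log Analytics."""
    # Assumption: fields are nested under "properties" or flat at top level.
    props = setting.get("properties", setting)
    if not props.get("workspaceId"):
        return set()  # storage- or Event Hub-only settings do not satisfy the check
    cats = set()
    for log in props.get("logs") or []:
        if not log.get("enabled"):
            continue
        if log.get("categoryGroup") == "allLogs":
            cats |= REQUIRED  # the allLogs group covers every category
        elif log.get("category"):
            cats.add(log["category"])
    return cats


def audit(nsg_settings):
    """Map NSG name -> sorted required categories NOT sent to a workspace."""
    findings = {}
    for nsg, settings in nsg_settings.items():
        covered = set()
        for setting in settings:
            covered |= enabled_categories(setting)
        missing = sorted(REQUIRED - covered)
        if missing:
            findings[nsg] = missing
    return findings


def _log(category, enabled=True):
    return {"category": category, "enabled": enabled}


EVT, CNT = "NetworkSecurityGroupEvent", "NetworkSecurityGroupRuleCounter"
WS = "<log-analytics-workspace-resource-id>"  # placeholder
# Constructed sample: one compliant NSG and three failing in different ways.
SAMPLE = {
    "nsg-web": [{"properties": {"workspaceId": WS, "logs": [_log(EVT), _log(CNT)]}}],
    "nsg-app": [{"workspaceId": WS, "logs": [_log(EVT), _log(CNT, False)]}],
    "nsg-mgmt": [{"properties": {"storageAccountId": "<storage-id>",
                                 "logs": [_log(EVT), _log(CNT)]}}],
    "nsg-db": [],  # "No diagnostic settings defined"
}

if __name__ == "__main__":
    for nsg, missing in audit(SAMPLE).items():
        print(f"FAIL {nsg}: not sent to Log Analytics: {', '.join(missing)}")
```

An NSG whose only diagnostic setting targets a storage account, or that has one of the two categories disabled, fails here even though the "Diagnostic settings" page is not empty.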