
Analyze Azure Network Watcher Flow Logs with Sumo Logic

Azure Network Watcher

Azure Network Watcher is a network performance and diagnostic service that enables you to monitor your Azure network. This service lets you collect “Network Security Group (NSG) Flow Logs”. NSG flow logs carry 5-tuple information (source, destination, traffic flow direction, and the traffic decision: Allowed/Denied) about ingress and egress IP traffic that is either blocked or allowed by the NSG, allowing you to troubleshoot traffic and security issues. NSG flow logs can be enabled via the Portal, PowerShell, and the CLI; more info here.


Why Integrate and Analyze Azure Network Watcher Flow Logs with Sumo Logic?

Using Sumo Logic’s machine learning algorithms and search capabilities, you can monitor your Azure network and alert on key metrics to rapidly identify problems and security issues. The Sumo Logic App for Azure Network Watcher leverages NSG flow logs to provide real-time visibility into and analysis of your Azure network. It provides preconfigured dashboards that allow you to monitor inbound traffic, outliers in traffic flow, and denied flows. Furthermore, this data can be correlated with the Sumo Logic Apps for Azure Web Apps and Audit for more contextual information. The Sumo Logic Threat Intelligence feed can also give you an extra layer of security on top of your flow logs. The Sumo Logic App for Azure Network Watcher comes with the following preconfigured dashboards:

Network Watcher – Overview

This dashboard provides general information on the NSG flow logs, including panels that drill down into queries with NIC, tuple, and traffic flow information. The Overview dashboard is a good starting point for detecting outliers in denied traffic and geographic hotspots for inbound traffic. The dashboard also allows panels to be filtered by rule name, source/destination IP and port, and other metadata fields.


Source Address Location of Inbound Traffic. Displays the geolocation of inbound traffic.
Flow Traffic by Rule Name. Shows the breakdown of all traffic by the security rule name set up at the NSG level.
Denied Traffic per Minute. Shows the trend in denied inbound traffic flow per minute.
Breakdown of Traffic (Allowed or Denied). Displays the traffic breakdown by Allowed or Denied flow.
Top 10 Destination Ports. Shows the top 10 destination ports in the last 24 hours.
Flow Traffic by Protocol. Displays the trend of traffic by protocol (TCP/UDP).
Denied Traffic per Hour – Outlier. This panel, using the Sumo Logic machine learning Outlier operator, shows any unexpected sequence in denied traffic.
Denied Traffic Comparison (Today vs. Yesterday) – Outlier. Compares denied traffic of the last 24 hours with the previous 24 hours and shows any unexpected difference between the two time periods.
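As an added illustration, not code from this post or from Sumo Logic, the following Python parses one NSG flow log record in the Azure v1 JSON layout (each flowTuple is "unixtime,srcIP,dstIP,srcPort,dstPort,protocol T/U,direction I/O,decision A/D") and computes the same aggregates the Overview panels above show: denied inbound flows per minute, the Allowed/Denied breakdown, traffic by protocol and by rule, and top destination ports. The record, its rule names and MAC are constructed sample data using RFC 5737 documentation addresses.

```python
import json
from collections import Counter

# Constructed sample record (not a real capture) in the NSG flow log v1 JSON layout.
SAMPLE_RECORD = json.dumps({
    "time": "2018-11-13T12:00:35Z", "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 1, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1542110400,203.0.113.5,10.0.0.4,51122,22,T,I,D",
            "1542110401,203.0.113.5,10.0.0.4,51123,3389,T,I,D",
            "1542110461,198.51.100.9,10.0.0.4,40000,22,T,I,D"]}]},
        {"rule": "UserRule_AllowHTTPS", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1542110402,192.0.2.10,10.0.0.4,44931,443,T,I,A",
            "1542110405,10.0.0.4,8.8.8.8,53012,53,U,O,A"]}]},
    ]},
})

def parse_flow_tuples(record_json):
    """Yield one dict per flow tuple, tagged with the NSG rule that matched it."""
    record = json.loads(record_json)
    for rule_block in record["properties"]["flows"]:
        for nic in rule_block["flows"]:
            for tup in nic["flowTuples"]:
                # Only the first 8 fields are read, so v2 tuples (extra state/byte fields) also parse.
                ts, src, dst, sport, dport, proto, direction, decision = tup.split(",")[:8]
                yield {"ts": int(ts), "src": src, "dst": dst, "sport": int(sport), "dport": int(dport),
                       "proto": {"T": "TCP", "U": "UDP"}.get(proto, proto),
                       "direction": "Inbound" if direction == "I" else "Outbound",
                       "decision": "Allowed" if decision == "A" else "Denied",
                       "rule": rule_block["rule"]}

def summarize(flows):
    """Aggregate flows the way the Overview dashboard panels do."""
    denied_per_minute, by_decision, by_proto, by_rule, dst_ports = (Counter() for _ in range(5))
    for f in flows:
        by_decision[f["decision"]] += 1
        by_proto[f["proto"]] += 1
        by_rule[f["rule"]] += 1
        dst_ports[f["dport"]] += 1
        if f["decision"] == "Denied" and f["direction"] == "Inbound":
            denied_per_minute[f["ts"] - f["ts"] % 60] += 1  # bucket to the start of the minute
    return {"denied_per_minute": dict(denied_per_minute), "by_decision": dict(by_decision),
            "by_proto": dict(by_proto), "by_rule": dict(by_rule),
            "top_dst_ports": dst_ports.most_common(10)}

if __name__ == "__main__":
    print(json.dumps(summarize(parse_flow_tuples(SAMPLE_RECORD)), indent=2))
```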

Get Started with Sumo Logic App for Azure Network Watcher

For more information on the App, please visit Sumo Logic for Azure Network Watcher. To set up the App, follow the Collect Logs for Azure Network Watcher and Install the Azure Network Watcher App sections on the Azure App page.

