To enable the Network Security Group (NSG) flow data collection in VMware Aria Operations for Networks, you must enable the NSG flow log in your Azure environment.

The procedure and task related to Azure are documented in https://docs.microsoft.com/en-us/azure/network-watcher/.

Prerequisites

Verify that you have the correct permission. For information on permissions, see Supported Products and Versions.

Procedure

  1. Enable network watcher in your Azure environment. For more information, see tutorials on Log VM network traffic in Azure Network Watcher Documentation.
  2. Register insights provider in your Azure environment. For more information, see tutorials on Log VM network traffic in Azure Network Watcher Documentation.
  3. Enable NSG flow log in your Azure environment. For more information, see tutorials on Log VM network traffic in Azure Network Watcher Documentation.
  4. In the Microsoft Azure portal, Click Storage Account > Blob.
  5. Select the container in which you are storing the flow logs, then click Change access level and select one of the following options as per your requirement:
    • Private (no anonymous access)
    • Blob (anonymous read access for blobs only)
    • Container (anonymous read access for container and blobs).
    Note: For more information on public access level for container, see Azure Documentation.
    You must do this step for all the container in which you are storing the flow logs.