From 06a5a3a4701dfaad19dae436cb20c3ac280cd68c Mon Sep 17 00:00:00 2001 From: Sayantan Ghosh <37360255+sayghosh@users.noreply.github.com> Date: Thu, 9 Jan 2020 12:21:10 +0530 Subject: [PATCH 1/3] Update Set-AzNetworkWatcherConfigFlowLog.md --- .../help/Set-AzNetworkWatcherConfigFlowLog.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md b/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md index 995acd35d8b3..8a74210caede 100644 --- a/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md +++ b/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md @@ -181,6 +181,39 @@ FlowAnalyticsConfiguration : { In this example we configure flow logging status and Traffic Analytics for a Network Security Group. In the response, we see the specified NSG has flow logging and Traffic Analytics enabled, default format, and no retention policy set. +### Example 4: Disable Traffic Analytics for a Specified NSG with Flow Logging and Traffic Analytics configured +``` +PS C:\> $NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name NetworkWatcher_westcentralus +PS C:\> $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG +PS C:\> $storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123" +PS C:\> $workspace = Get-AzOperationalInsightsWorkspace -Name WorkspaceName -ResourceGroupName WorkspaceRg +PS C:\> Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60 +PS C:\> Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics:$false -Workspace $workspace + +TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG +StorageId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123 +Enabled : True +RetentionPolicy : { + "Days": 0, + "Enabled": false + } +Format : { + "Type ": "Json", + "Version": 1 + } +FlowAnalyticsConfiguration : { + "networkWatcherFlowAnalyticsConfiguration": { + "enabled": false, + "workspaceId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", + "workspaceRegion": "WorkspaceLocation", + "workspaceResourceId": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups/WorkspaceRg/providers/microsoft.operationalinsights/workspaces/WorkspaceName", + "TrafficAnalyticsInterval": 60 + } + } +``` + +In this example we disable Traffic Analytics for a Network Security Group which has flow logging and Traffic Analytics configured earlier. In the response, we see the specified NSG has flow logging enabled but Traffic Analytics disabled. + ## PARAMETERS ### -AsJob From db6a84d7f15f83ad390a2e0a74f63ddc8cd405b3 Mon Sep 17 00:00:00 2001 From: Sayantan Ghosh <37360255+sayghosh@users.noreply.github.com> Date: Thu, 9 Jan 2020 12:24:34 +0530 Subject: [PATCH 2/3] Update Set-AzNetworkWatcherConfigFlowLog.md --- src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md b/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md index 8a74210caede..e1dd4bb292ba 100644 --- a/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md +++ b/src/Network/Network/help/Set-AzNetworkWatcherConfigFlowLog.md @@ -188,6 +188,8 @@ PS C:\> $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName NSGRG -Name appNSG PS C:\> $storageId = "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Storage/storageAccounts/contosostorageacct123" PS C:\> $workspace = Get-AzOperationalInsightsWorkspace -Name WorkspaceName -ResourceGroupName WorkspaceRg PS C:\> Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics -Workspace $workspace -TrafficAnalyticsInterval 60 + + PS C:\> Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $NW -TargetResourceId $nsg.Id -EnableFlowLog $true -StorageAccountId $storageID -EnableTrafficAnalytics:$false -Workspace $workspace TargetResourceId : /subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourceGroups/NSGRG/providers/Microsoft.Network/networkSecurityGroups/appNSG From ae0aaeebbbede873cc534c41c657670b2abff0d8 Mon Sep 17 00:00:00 2001 From: Sayantan Ghosh <37360255+sayghosh@users.noreply.github.com> Date: Fri, 10 Jan 2020 11:56:09 +0530 Subject: [PATCH 3/3] Update ChangeLog.md --- src/Network/Network/ChangeLog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md index 674d160160f4..88c9d4a9b7fe 100644 --- a/src/Network/Network/ChangeLog.md +++ b/src/Network/Network/ChangeLog.md @@ -19,6 +19,7 @@ ---> ## Upcoming Release +* New example added to Set-AzNetworkWatcherConfigFlowLog.md to demonstrate Traffic Analytics disable scenario. ## Version 2.2.1 * Upgrade dependancy of Microsoft.Azure.Management.Sql from 1.36-preivew to 1.37-preivew