
@matt-FFFFFF
Last active July 21, 2020 10:56
NSG flow logs and Traffic Analytics policy definition
{
"mode": "All",
"policyRule": {
"if": {
"equals": "Microsoft.Network/networkSecurityGroups",
"field": "type"
},
"then": {
"details": {
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"flowAnalyticsEnabled": {
"value": "[parameters('flowAnalyticsEnabled')]"
},
"location": {
"value": "[field('location')]"
},
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
},
"networkSecurityGroupName": {
"value": "[field('name')]"
},
"resourceGroupName": {
"value": "[resourceGroup().name]"
},
"retention": {
"value": "[parameters('retention')]"
},
"storageAccountResourceId": {
"value": "[parameters('storageAccountResourceId')]"
},
"trafficAnalyticsInterval": {
"value": "[parameters('trafficAnalyticsInterval')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"flowAnalyticsEnabled": {
"type": "bool"
},
"location": {
"type": "string"
},
"logAnalytics": {
"type": "string"
},
"networkSecurityGroupName": {
"type": "string"
},
"resourceGroupName": {
"type": "string"
},
"retention": {
"type": "int"
},
"storageAccountResourceId": {
"type": "string"
},
"trafficAnalyticsInterval": {
"type": "int"
}
},
"resources": [
{
"apiVersion": "2020-05-01",
"location": "[parameters('location')]",
"name": "[concat('NetworkWatcher_', toLower(parameters('location')), '/', parameters('networkSecurityGroupName'), '-', parameters('resourceGroupName'), '-flowlog' )]",
"properties": {
"enabled": true,
"flowAnalyticsConfiguration": {
"networkWatcherFlowAnalyticsConfiguration": {
"enabled": "[bool(parameters('flowAnalyticsEnabled'))]",
"trafficAnalyticsInterval": "[parameters('trafficAnalyticsInterval')]",
"workspaceId": "[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').properties.customerId, json('null')) ]",
"workspaceRegion": "[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').location, json('null')) ]",
"workspaceResourceId": "[if(not(empty(parameters('logAnalytics'))), parameters('logAnalytics'), json('null'))]"
}
},
"format": {
"type": "JSON",
"version": 2
},
"retentionPolicy": {
"days": "[parameters('retention')]",
"enabled": true
},
"storageId": "[parameters('storageAccountResourceId')]",
"targetResourceId": "[resourceId(parameters('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]"
},
"type": "Microsoft.Network/networkWatchers/flowLogs"
}
],
"variables": {}
}
}
},
"existenceCondition": {
"allOf": [
{
"equals": "true",
"field": "Microsoft.Network/networkWatchers/flowLogs/enabled"
},
{
"equals": "[parameters('flowAnalyticsEnabled')]",
"field": "Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled"
}
]
},
"name": "[concat('NetworkWatcher_', field('location'), '/', field('name'), '-', resourceGroup().name, '-flowlog' )]",
"resourceGroupName": "NetworkWatcherRG",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Network/networkWatchers/flowLogs"
},
"effect": "deployIfNotExists"
}
},
"parameters": {
"flowAnalyticsEnabled": {
"type": "Boolean",
"metadata": {
"displayName": "Enable Traffic Analytics",
"description": null
},
"defaultValue": false
},
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "Resource ID of Log Analytics workspace",
"description": null,
"strongType": "omsWorkspace"
},
"defaultValue": ""
},
"retention": {
"type": "Integer",
"metadata": {
"displayName": "Retention",
"description": null
},
"defaultValue": 5
},
"storageAccountResourceId": {
"type": "String",
"metadata": {
"displayName": "Storage Account Resource Id",
"description": null,
"strongType": "Microsoft.Storage/storageAccounts"
}
},
"trafficAnalyticsInterval": {
"type": "Integer",
"metadata": {
"displayName": "Traffic Analytics processing interval mins (10/60)",
"description": null
},
"defaultValue": 60
}
}
}