Azure Network Security Group missing audit logs

0
votes

In Log analytics for network security groups, Microsoft describes how to enable "Counter logs" that keep track of how many times the security rules for NSGs are invoked.

I've followed the instructions in the article, enabling the NetworkSecurityGroupRuleCounter for my NSG, but I don't get any events. I am sure that my Inbound and Outbound rules are being invoked; I can successfully use them to block incoming and outgoing traffic for VMs in the group.

As you can see, the setting is enabled as shown in the article. Is there something else that's needed to make the Counter logs show up? azure-nsg

2
azure

2 Answers

0
votes

This turned out to be a software fault and not a configuration issue. I finally got an engineer at Microsoft to look at this problem. They restarted an agent on a host machine, which fixed the issue.

-1
votes

Have you tried choosing a different storage account to see if the logs are recorded?

How exactly are you analyzing the logs?

Is the Storage account created in Azure Resource Manager?

Check and make sure that the Storage account that you have chosen for the logs is created in Azure Resource manager.