Azure-docs: This code did not work for me.

Created on 12 Jul 2018 · 6Comments · Source: MicrosoftDocs/azure-docs

This one worked:
function Get-NetworkFlowLog {
[CmdletBinding()]
param (
[string] [Parameter(Mandatory=$true)] $StorageAccountResourceGroupName,
[string] [Parameter(Mandatory=$true)] $StorageAccountName,
[string] [Parameter(Mandatory=$true)] $NsgName,
[string] [Parameter(Mandatory=$false)] $GoBackHours = 0

)
process {
    # Container always has this name for Network Flow Logs
    $containerName = "insights-logs-networksecuritygroupflowevent"

    # Get a key to your specified Storage Account
    $storageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName).Value[0]

    # Get a Context for the StorageAccount, using the key
    $context = New-AzureStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKey

    # Get the log blob Block List from $GoBackHours ago
    $blob = Get-AzureStorageBlob -Context $context -Container $containerName | Where-Object{($_.Name -like ("*{0}*" -f $nsgName))} | Sort-Object Name -Descending | Select-Object -First ($GoBackHours + 1) | Select-Object -Last 1
    $CloudBlockBlob =  $Blob.ICloudBlob
    $blockList = ($Blob.ICloudBlob).DownloadBlockList()

    # Get the text from that block list
    $blockText = $CloudBlockBlob.DownloadText()

    # Return the text
    $blockText
}

}

$Log = Get-NetworkFlowLog -StorageAccountResourceGroupName "my-rg" -StorageAccountName "my-san" -NsgName "my-nsg" -GoBackHours 0
Set-Clipboard $Log

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: f1fa6c20-b0a4-a593-ae3f-caa62aedd89c
Version Independent ID: e6cae9b1-e822-894e-11ff-985d305743cc
Content: Read NSG flow logs
Content Source: articles/network-watcher/network-watcher-read-nsg-flow-logs.md
Service: network-watcher
GitHub Login: @jimdial
Microsoft Alias: jdial

assigned-to-author in-progress network-watchesvc triaged

Source

eggind

All 6 comments

@eggind Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.

TravisCragg-MSFT on 12 Jul 2018

in-process

jimdial on 12 Jul 2018

@eggind thank you for the contribution! I submitted a PR that makes the code in the sample into a function. I also corrected an issue when the resource group of the NSG differs from the resource group of the storage account.

I like your approach for retrieving the last n blob in the container, however I retained the original approach to maintain clarity and allow the user to specify a log file for a given time frame. Also, if the NSG is attached to multiple NICs then the user may not be able to predict which blob is returned.

mattreatMSFT on 13 Jul 2018

👍1

@eggind Matt updated the article, per this discussion. If you have further comments, just let us know. Thanks. #please-close

jimdial on 13 Jul 2018

👍1

@eggind We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

TravisCragg-MSFT on 13 Jul 2018

👍1

Thanks, I will check your new code. Mine was just a quick and dirty to solve my issue, and yours was more generic, so I would be keen to try it.

eggind on 19 Jul 2018

Was this page helpful?

0 / 5 - 0 ratings