Azure Proactive Resiliency Library v2

networkWatchers

Summary

| Recommendation | Impact | Category | Automation Available | In Azure Advisor |
|---|---|---|---|---|
| Deploy Network Watcher in all regions where you have networking services | Low | Monitoring and Alerting | Yes | No |
| Fix Flow Log configurations in Failed state or Disabled Status | Low | Monitoring and Alerting | Yes | No |
| Configure Network Watcher Connection monitor | High | Monitoring and Alerting | Yes | No |
| Enable Network Security Group and Virtual Network Flow Logs | High | Monitoring and Alerting | No | No |
| Enable traffic analytics in Network Security Group and Virtual Network Flow Logs configuration. | High | Monitoring and Alerting | No | No |

Details


Deploy Network Watcher in all regions where you have networking services

Impact: Low
Category: Monitoring and Alerting

APRL GUID:  4e133bd0-8762-bc40-a95b-b29142427d73

Description:

Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, and load balancers; it is not intended for PaaS monitoring or web analytics.

Potential Benefits:

Enhanced monitoring and diagnostics for Azure IaaS

Learn More:

What is Azure Network Watcher?

ARG Query:

// Azure Resource Graph Query
// This query will return all locations that do not have a Network Watcher deployed
resources
| where location != "global"
| union (Resources
    | where type =~ "microsoft.network/networkwatchers")
| summarize NetworkWatcherCount = countif(type =~ 'Microsoft.Network/networkWatchers') by location
| where NetworkWatcherCount == 0
| project recommendationId = "4e133bd0-8762-bc40-a95b-b29142427d73", name=location, id="n/a", param1 = strcat("LocationMisingNetworkWatcher:", location)



Fix Flow Log configurations in Failed state or Disabled Status

Impact: Low
Category: Monitoring and Alerting

APRL GUID:  22a769ed-0ecb-8b49-bafe-8f52e6373d9c

Description:

Network security group flow logging is a feature of Azure Network Watcher that logs information about IP traffic flowing through a network security group. If a flow log is in a Failed state, monitoring data from the associated resource is not collected.

Potential Benefits:

Ensures IP traffic logging

Learn More:

Manage NSG flow logs using the Azure portal

ARG Query:

// Azure Resource Graph Query
// This query will return all Network Watcher Flow Logs that are not enabled or in a succeeded state
resources
| where type =~ "microsoft.network/networkwatchers/flowlogs" and isnotnull(properties)
| extend targetResourceId = tostring(properties.targetResourceId)
| extend status = iff(properties.enabled =~ 'true', "Enabled", "Disabled")
| extend provisioningState = tostring(properties.provisioningState)
| extend flowLogType = iff(properties.targetResourceId contains "Microsoft.Network/virtualNetworks", 'Virtual network', 'Network security group')
| where provisioningState != "Succeeded" or status != "Enabled"
| project recommendationId = "22a769ed-0ecb-8b49-bafe-8f52e6373d9c", name, id, tags, param1 = strcat("provisioningState:", provisioningState), param2=strcat("Status:", status), param3=strcat("targetResourceId:",targetResourceId), param4=strcat("flowLogType:",flowLogType)



Configure Network Watcher Connection monitor

Impact: High
Category: Monitoring and Alerting

APRL GUID:  1e28bbc1-1eb7-486f-8d7f-93943f40219c

Description:

Improves monitoring for Azure and Hybrid connectivity

Potential Benefits:

Improves monitoring for Azure and Hybrid connectivity

Learn More:

Connection monitor overview

ARG Query:

// under-development


Enable Network Security Group and Virtual Network Flow Logs

Impact: High
Category: Monitoring and Alerting

APRL GUID:  a1317a0b-402d-4604-be40-a25a004ba171

Description:

Improves monitoring and security for Azure and Hybrid connectivity

Potential Benefits:

Improves monitoring and security for Azure connectivity

Learn More:

Flow logging for network security groups
Virtual network flow logs

ARG Query:

// under-development


Enable traffic analytics in Network Security Group and Virtual Network Flow Logs configuration.

Impact: High
Category: Monitoring and Alerting

APRL GUID:  bf0b7dbd-016d-458c-af99-70fcb03ad451

Description:

Improves monitoring, security and troubleshooting for Azure and Hybrid connectivity

Potential Benefits:

Improves monitoring, security and troubleshooting.

Learn More:

Network Watcher traffic analytics

ARG Query:

// under-development
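
The last two recommendations (enable flow logs, enable traffic analytics) can be checked together with a coverage query in the same style as the ones above. This is an added example, not a query from the APRL project; the column names targetKey, flowLogId, trafficAnalytics and finding are chosen here, and it assumes a target is covered only by a flow log attached directly to it (an NSG whose traffic is captured by a VNet flow log will still be listed).

```kusto
// Added example (not an APRL query): NSGs and VNets with no working flow log,
// or with a working flow log that has traffic analytics turned off.
resources
| where type in~ ("microsoft.network/networksecuritygroups", "microsoft.network/virtualnetworks")
// Resource IDs are compared case-insensitively, so normalise the join key
| project targetKey = tolower(id), name, id, type, tags
| join kind=leftouter (
    resources
    | where type =~ "microsoft.network/networkwatchers/flowlogs" and isnotnull(properties)
    // Keep only flow logs that are actually collecting data
    | where tobool(properties.enabled) == true
        and tostring(properties.provisioningState) =~ "Succeeded"
    | extend trafficAnalytics = tobool(properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled)
    | project targetKey = tolower(tostring(properties.targetResourceId)), flowLogId = id, trafficAnalytics
  ) on targetKey
// No matching row on the right side means no enabled, succeeded flow log for this target
| extend finding = case(
    isempty(flowLogId), "NoWorkingFlowLog",
    isnull(trafficAnalytics) or trafficAnalytics == false, "TrafficAnalyticsDisabled",
    "OK")
| where finding != "OK"
// Map each finding to the APRL GUID of the matching recommendation on this page
| extend recommendationId = iff(finding == "NoWorkingFlowLog",
    "a1317a0b-402d-4604-be40-a25a004ba171",
    "bf0b7dbd-016d-458c-af99-70fcb03ad451")
| project recommendationId, name, id, tags,
    param1 = strcat("finding:", finding),
    param2 = strcat("targetType:", type),
    param3 = strcat("flowLogId:", flowLogId)
```

Targets reported as NoWorkingFlowLog may also have a flow log that the Failed or Disabled query above returns; fixing that flow log clears both findings.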