Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

networkWatchers

Summary

RecommendationImpactCategoryAutomation AvailableIn Azure Advisor
Deploy Network Watcher in all regions where you have networking servicesLowMonitoring and AlertingNoNo
Fix Flow Log configurations in Failed state or Disabled StatusLowMonitoring and AlertingYesNo
Configure Network Watcher Connection monitorMediumMonitoring and AlertingNoNo
Enable traffic analytics in Virtual Network Flow Logs configurationMediumMonitoring and AlertingNoNo

Details


Deploy Network Watcher in all regions where you have networking services

Impact:  Low Category:  Monitoring and Alerting

APRL GUID:  4e133bd0-8762-bc40-a95b-b29142427d73

Description:

Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, load balancers, but not for PaaS or Web analytics.

Potential Benefits:

Enhanced monitoring and diagnostics for Azure IaaS
Learn More:
What is Azure Network Watcher?

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development


Fix Flow Log configurations in Failed state or Disabled Status

Impact:  Low Category:  Monitoring and Alerting

APRL GUID:  22a769ed-0ecb-8b49-bafe-8f52e6373d9c

Description:

Network security group flow logging is a feature of Azure Network Watcher that logs IP traffic info through a network security group. If in Failed state, monitoring data from the associated resource is not collected.

Potential Benefits:

Ensures IP traffic logging
Learn More:
Manage NSG flow logs using the Azure portal

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This query will return all Network Watcher Flow Logs that are not enabled or not in a succeeded state
resources
| where type =~ "microsoft.network/networkwatchers/flowlogs" and isnotnull(properties)
| extend targetResourceId = tostring(properties.targetResourceId)
| extend status = iff(properties.enabled =~ 'true', "Enabled", "Disabled")
| extend provisioningState = tostring(properties.provisioningState)
| extend flowLogType = iff(properties.targetResourceId contains "Microsoft.Network/virtualNetworks", 'Virtual network', 'Network security group')
| where provisioningState != "Succeeded" or status != "Enabled"
| project recommendationId = "22a769ed-0ecb-8b49-bafe-8f52e6373d9c", name, id, tags, param1 = strcat("provisioningState:", provisioningState), param2=strcat("Status:", status), param3=strcat("targetResourceId:",targetResourceId), param4=strcat("flowLogType:",flowLogType)



Configure Network Watcher Connection monitor

Impact:  Medium Category:  Monitoring and Alerting

APRL GUID:  1e28bbc1-1eb7-486f-8d7f-93943f40219c

Description:

Improves monitoring for Azure and Hybrid connectivity

Potential Benefits:

Improves monitoring for Azure and Hybrid connectivity
Learn More:
Connection monitor overview

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development


Enable traffic analytics in Virtual Network Flow Logs configuration

Impact:  Medium Category:  Monitoring and Alerting

APRL GUID:  bf0b7dbd-016d-458c-af99-70fcb03ad451

Description:

Improves monitoring, security and troubleshooting for Azure and Hybrid connectivity

Potential Benefits:

Improves monitoring, security and troubleshooting.
Learn More:
Network Watcher traffic analytics

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This query will return all Flow Logs where Flow Analytics Configuration is disabled
resources
| where type =~ "microsoft.network/networkwatchers/flowlogs"
| where properties.targetResourceId contains "microsoft.network/virtualNetworks"
| where not(properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled)
| project recommendationId = "bf0b7dbd-016d-458c-af99-70fcb03ad451", name, id, tags, param1= "Flow Analytics Configuration is disabled",param2=strcat("Vnet Name : ", properties.targetResourceId)