Azure Storage – Restoration of NSG flow logs retention
The retention feature on NSG flow logs was recently disabled. The functionality has been restored for [general purpose v2 (GPv2) accounts and Blob storage accounts](https://docs.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts). It will not be restored for general purpose v1 (GPv1) storage accounts.
**What has been restored?**
NSG flow log retention is now available for users with GPv2 and Blob storage accounts – the flow log data will be deleted as per the retention policy configured earlier. Going forward, configuring a retention period will create a [data lifecycle management policy](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-lifecycle-management-concepts?tabs=azure-portal) on the storage account.
Retention won’t be restored for users with GPv1 accounts, but flow logs will continue to work as they currently do. Users with v1 storage accounts are recommended to [upgrade their storage accounts to v2](https://docs.microsoft.com/azure/storage/common/storage-account-upgrade) to enable retention. [Upgrading to v2](https://docs.microsoft.com/azure/storage/common/storage-account-upgrade) is free of charge and v2 accounts provide more features.
_Storage-limitation on GPv2 accounts_
On GPv2 accounts, the current mechanism can only support up to 1000 NSGs. If more than 1000 NSGs are being logged, customers will have to start using multiple storage accounts. Why? Storage accounts allow the creation of up to 100 rules. Combined with 10 [match prefixes](https://docs.microsoft.com/azure/storage/blobs/storage-lifecycle-management-concepts?tabs=azure-portal#rule-filters) per rule, this means that we can currently support up to 1000 NSGs per storage account.
**What do I have to do?**
* **Users with GPv2 and Blob storage accounts in NSG flow logs –** To restore retention, users must disable and then re-enable flow logs on every NSG.
    * Portal: For each NSG, go to the flow logs settings and toggle the status to Off. Click Save. Toggle the status to On. Click Save.
    * PowerShell: Use the [Set-AzureRmNetworkWatcherConfigFlowLog](https://docs.microsoft.com/powershell/module/azurerm.network/set-azurermnetworkwatcherconfigflowlog?view=azurermps-6.13.0) cmdlet. For every NSG, set -EnableFlowLog to false, then set it back to true. You can find sample commands in the [documentation](https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-powershell).
    * Azure CLI: Use the [az network watcher flow-log](https://docs.microsoft.com/cli/azure/network/watcher/flow-log?view=azure-cli-latest) commands. For every NSG, set --enabled to false, then set it back to true. You can find sample commands in the [documentation](https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-cli).

    This will reconfigure flow logs and restore retention. If this isn’t done, all NSG flow logs users with v2 storage accounts will have their retention restored through a manual migration after 60 days.
* **Users with GPv1 storage accounts in NSG flow logs –** If you seek to store data permanently, no action is needed. Existing data in the v1 storage account will remain as it currently is and NSG flow logs will continue to work but the data will not be deleted by the retention service. Follow [these instructions](https://docs.microsoft.com/azure/storage/common/storage-account-upgrade) to upgrade your account to v2 for enabling retention. In case you don’t want to upgrade your storage account, you may use the [deletion script](https://docs.microsoft.com/azure/network-watcher/network-watcher-delete-nsg-flow-log-blobs) provided earlier.
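
One way to script the disable/enable step across every NSG in a subscription with the Azure CLI, as an added example that is not part of the original announcement. It assumes a logged-in CLI, that `az network watcher flow-log show` returns a top-level `enabled` field, and the function name `toggle_flow_logs` is made up for this sketch.

```shell
# Added example, not part of the original announcement.
# Assumes: Azure CLI logged in to the target subscription, and the
# `az network watcher flow-log show|configure` commands linked above.
# Usage: source this file, then run `toggle_flow_logs`.

# Disable then re-enable flow logs on every NSG that currently has them on.
# Prints "toggled|skipped|FAILED <resourceGroup>/<nsg>" per NSG and returns
# non-zero if any NSG could not be toggled back on.
toggle_flow_logs() {
    tab=$(printf '\t')
    failed=0
    nsgs=$(az network nsg list --query "[].[resourceGroup, name]" \
        --output tsv) || return 1
    while IFS="$tab" read -r rg nsg; do
        [ -n "$nsg" ] || continue
        # Skip NSGs without active flow logs so none are switched on by accident.
        state=$(az network watcher flow-log show --resource-group "$rg" \
            --nsg "$nsg" --query enabled --output tsv </dev/null 2>/dev/null) \
            || state=unknown
        case "$state" in
            true|True) ;;
            *) echo "skipped $rg/$nsg"; continue ;;
        esac
        if az network watcher flow-log configure --resource-group "$rg" \
                --nsg "$nsg" --enabled false </dev/null >/dev/null &&
           az network watcher flow-log configure --resource-group "$rg" \
                --nsg "$nsg" --enabled true </dev/null >/dev/null
        then
            echo "toggled $rg/$nsg"
        else
            # A failure here can leave logging off: a visibility gap to fix first.
            echo "FAILED $rg/$nsg" >&2
            failed=1
        fi
    done <<EOF
$nsgs
EOF
    return "$failed"
}
```

Any `FAILED` line means that NSG may be left with flow logging disabled, so check it in the portal before moving on.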
**How do I upgrade my account?**
To upgrade to v2, follow [these instructions](https://docs.microsoft.com/azure/storage/common/storage-account-upgrade).