Configure NSG flow logs with retention and traffic analytics settings.
Last verified: May 2026
Required Fields
networkWatcherRegion, nsgResourceId, storageAccountId, enabled, retentionDays
Your security team needs flow log analysis on the 5 most-critical NSGs guarding the production tier. The builder generates flow log configs for each: v2 logs, 90-day retention in a dedicated storage account, Traffic Analytics enabled to a security-focused Log Analytics workspace. You add a storage lifecycle policy to delete logs after 365 days. Total cost: ~$200/month for storage + $300/month for Traffic Analytics on the 5 NSGs. The team gets the visibility it needs without paying for full-environment flow log coverage.
The Azure Network Watcher Flow Log Builder helps you configure NSG (Network Security Group) flow logs for network traffic analysis. Flow logs record information about IP traffic flowing through NSGs, which is essential for security monitoring, compliance auditing, and network troubleshooting. This tool guides you through configuring flow log settings, retention policies, traffic analytics integration, and storage destinations.
The builder generates an NSG flow log v2 configuration: NSG resource ID, target storage account, retention policy (days), flow log version (use v2), and optional Traffic Analytics integration with a Log Analytics workspace ID. Output is generated as az network watcher flow-log create commands and ARM template / Bicep resources for IaC deployment.
VNet flow logs (a newer Azure feature, 2023+) replace NSG flow logs and capture more comprehensive traffic data, including in-VNet flows that NSG flow logs miss. If you're starting fresh in 2026, use VNet flow logs from the start; if you're using NSG flow logs, plan your migration before the 2026 EOL of v1.
Traffic Analytics adds substantial cost on top of flow log storage — typically $5-10/GB processed. For a busy NSG with 100 GB/month of flow logs, that's $500-1000/month JUST for analytics. Enable Traffic Analytics only on production-critical NSGs, not every NSG in your environment.
Flow log retention in storage accounts can be controlled via lifecycle management policies. Set retention in the flow log config (capped at 365 days), then add a lifecycle policy to delete or archive older blobs. Without a lifecycle policy, flow logs accumulate forever, a common cause of mysterious storage cost growth.
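As an added example (not this tool's own output): a shell function that prints the az network watcher flow-log create command for one NSG, rejecting retention above the 365-day cap and enabling Traffic Analytics only when a workspace ID is passed, plus the lifecycle policy JSON for the storage account. The fl- name prefix, the region and all resource IDs are constructed placeholders; the container name insights-logs-networksecuritygroupflowevent is where Azure writes NSG flow logs and is not taken from this page.

```shell
#!/usr/bin/env bash
# Added example: prints (never runs) the az command for one NSG flow log (v2).
# Every resource ID in the sample call is a constructed placeholder.
MAX_RETENTION_DAYS=365  # flow log retention cap given on this page

# flow_log_cmd REGION NSG_ID STORAGE_ID RETENTION_DAYS [WORKSPACE_ID]
# Traffic Analytics is switched on only when a workspace ID is supplied.
flow_log_cmd() {
  local region="$1" nsg_id="$2" storage_id="$3" days="$4" workspace_id="${5:-}" cmd
  case $nsg_id in  # shape check only, not a lookup against Azure
    /subscriptions/*/providers/Microsoft.Network/networkSecurityGroups/?*) ;;
    *) echo "not an NSG resource ID: $nsg_id" >&2; return 1 ;;
  esac
  case $days in
    ''|*[!0-9]*) echo "retention must be whole days: $days" >&2; return 1 ;;
  esac
  if [ "$days" -gt "$MAX_RETENTION_DAYS" ]; then
    echo "retention $days exceeds the $MAX_RETENTION_DAYS-day cap" >&2; return 1
  fi
  cmd="az network watcher flow-log create --location $region"
  cmd="$cmd --name fl-${nsg_id##*/} --nsg $nsg_id --storage-account $storage_id"
  cmd="$cmd --enabled true --format JSON --log-version 2 --retention $days"
  [ -n "$workspace_id" ] && cmd="$cmd --traffic-analytics true --workspace $workspace_id"
  printf '%s\n' "$cmd"
}

# lifecycle_policy DAYS: JSON for `az storage account management-policy create`
# that deletes flow log blobs DAYS after their last modification.
lifecycle_policy() {
  cat <<EOF
{"rules":[{"enabled":true,"name":"expire-nsg-flow-logs","type":"Lifecycle",
 "definition":{"filters":{"blobTypes":["blockBlob"],
   "prefixMatch":["insights-logs-networksecuritygroupflowevent/"]},
  "actions":{"baseBlob":{"delete":{"daysAfterModificationGreaterThan":$1}}}}}]}
EOF
}

# Constructed sample: one production-critical NSG with Traffic Analytics.
SUB=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example
flow_log_cmd eastus "$SUB/providers/Microsoft.Network/networkSecurityGroups/nsg-prod-web" \
  "$SUB/providers/Microsoft.Storage/storageAccounts/stflowlogsexample" 90 \
  "$SUB/providers/Microsoft.OperationalInsights/workspaces/law-security-example"
lifecycle_policy 365
```

Review the printed command before running it, and save the JSON to a file to pass to az storage account management-policy create with --policy @file.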
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.