azure - 如何使用 Azure PowerShell 创建 Azure 网络安全组流日志

这可以通过以下操作序列来实现：

1. 确定链接到虚拟机的 NSG
2. 获取或创建一个用于NSG位置的NetworkWatcher
3. 找到合适的存储帐户
4. 设置流日志配置，如果不存在

param(
    # RegEx pattern to find your first VM in your current subscription
    [Parameter(Mandatory = $true, Position = 1)]
    [string]$vmNamePattern,
    # RegEx pattern to find a storage account in your current subscription
    [Parameter(Mandatory = $true, Position = 2)]
    [string]$storageNamePattern
)

$vm = Get-AzVM | Where-Object { $_.Name -match $vmNamePattern } | Select-Object -First 1
$nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
$sn = Get-AzVirtualNetworkSubnetConfig -ResourceId $nic.IpConfigurations[0].Subnet.Id
$nsgRes = Get-AzResource -ResourceId $sn.NetworkSecurityGroup.Id
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $nsgRes.ResourceGroupName -Name $nsgRes.ResourceName

# create or get NetworkWatcher
$nw = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg | ? { $_.Location -eq $nsg.Location }
if (!$nw) {
    New-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Location $nsg.Location -Name $("NetworkWatcher_" + $nsg.Location)
    $nw = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg | ? { $_.Location -eq $nsg.Location }
}

# detect first viable storage account
$storageAccount = Get-AzStorageAccount  | Where-Object { $_.StorageAccountName -match $storageNamePattern -and $_.PrimaryEndpoints.Blob -match "^http" } | Select-Object -First 1

# get or set NSG flow log if not yet established
$fl = Get-AzNetworkWatcherFlowLogStatus -NetworkWatcher $nw -TargetResourceId $nsg.Id
if (!$fl) {
    # https://docs.microsoft.com/de-de/azure/network-watcher/network-watcher-nsg-flow-logging-powershell
    Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $nw -TargetResourceId $nsg.Id -StorageAccountId $storageAccount.Id -EnableFlowLog $true -FormatType Json -FormatVersion 2
}