Log Network Traffic to Azure Storage Account

D

A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine (VM). You can log network traffic that flows through an NSG with Network Watcher's NSG flow log capability. Steps include:

-> Create a VM with a network security group

-> Enable Network Watcher and register the Microsoft.Insights provider

-> Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability

-> Download logged data

View logged data -

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

To log the network traffic to an Azure Storage account, you need to enable NSG flow logs. Therefore, the correct answer is D.

An NSG is a fundamental Azure resource that controls access to network traffic by using security rules. By enabling flow logs, you can capture network traffic that is processed by an NSG. NSG flow logs provide you with information about the source and destination IP addresses, ports, protocol, and action (allow or deny) taken on the traffic.

To enable NSG flow logs, you can use the Azure portal, Azure PowerShell, or Azure CLI. Here are the steps to enable NSG flow logs using the Azure portal:

1. Open the Azure portal and go to the NSG that you want to enable flow logs for.
2. Under the Monitoring section, click on Diagnostics settings.
3. Click on Add diagnostic setting to create a new setting.
4. Enter a name for the setting and select the Storage account that you want to use to store the logs.
5. Under the category section, select NSG flow logs.
6. Specify the retention period for the logs.
7. Click on Save to enable the diagnostic setting.

After you enable NSG flow logs, the logs will be stored in the specified storage account. You can use Azure Monitor, Azure Log Analytics, or any other log analysis tool to analyze and visualize the logs.

In conclusion, to log the network traffic to an Azure Storage account from an NSG, you need to enable NSG flow logs.