yilouiscylee8
Copper Contributor
Nov 18, 2020

network traffic monitoring - inbound internet traffic source IP

Hi Everyone,

I wonder if anyone is aware of any tool or method in Azure that can track or monitor the source IP of inbound internet traffic accessing an Azure virtual machine hosting a web application with IIS? I tried exploring Application Insights, Network Watcher, and Traffic Analytics but could not find the right tool. Any advice or comment is appreciated.

Thank you very much!

 

Best regards,

yilouiscylee8

  • StefanIvemo
    Brass Contributor

    yilouiscylee8 

     

    You should definitely consider putting an Application Gateway with WAF in front of your VM. You will improve security a lot, and by enabling diagnostic logs on the AppGW to Log Analytics you will get what you're looking for, especially if you add the WAF workbook to your Log Analytics workspace. https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel (you don't need to use Sentinel; the WAF Workbook can be enabled on Log Analytics without Sentinel).

     

    A direct link to the WAF Workbook ARM Template can be found here: https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Azure%20Monitor%20Workbook

     

    If you don't want to add any additional components to your solution, NSG Flow Logs and Traffic Analytics are the tools available to analyze traffic logs. NSG Flow Logs will log all the traffic and send it to a Storage Account; Traffic Analytics will aggregate the data and store it in the Log Analytics Workspace. Then you can just query the data and you will be able to find what you are looking for.

     

     

    • yilouiscylee8
      Copper Contributor

      Hi StefanIvemo,

      Thanks for sharing and for your advice. I will look into NSG Flow Logs and Traffic Analytics again.

      Best regards,

      yilouiscylee8 
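
The NSG Flow Logs route from StefanIvemo's answer, as an added example that is not part of the original thread: a Python function that reads one flow log blob (version 2 tuple format) from the Storage Account and summarizes which external source IPs reached the VM on the web ports. The sample blob, the rule name and the 10.0.0.0/16 VNet range are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample of one NSG flow log blob; every value here is made up.
SAMPLE_BLOB = json.dumps({"records": [{
    "time": "2020-11-18T10:00:00.000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [{
        "rule": "UserRule_Allow-Web-Inbound",  # hypothetical rule name
        "flows": [{"mac": "000D3AF87856", "flowTuples": [
            # time,srcIP,dstIP,srcPort,dstPort,proto,dir,decision,state,
            # pktsSrc->Dst,bytesSrc->Dst,pktsDst->Src,bytesDst->Src
            "1605693600,203.0.113.7,10.0.0.4,50122,443,T,I,A,B,,,,",
            "1605693605,203.0.113.7,10.0.0.4,50122,443,T,I,A,E,12,4310,14,20480",
            "1605693610,198.51.100.23,10.0.0.4,41000,80,T,I,A,B,,,,",
            "1605693611,10.0.0.5,10.0.0.4,52000,443,T,I,A,B,,,,",      # internal peer
            "1605693612,10.0.0.4,192.0.2.50,49800,443,T,O,A,B,,,,",    # outbound
            "1605693613,198.51.100.99,10.0.0.4,33000,3389,T,I,D,B,,,,",  # denied
        ]}]}]}}]})


def inbound_sources(blob_text, web_ports=(80, 443), internal_nets=("10.0.0.0/16",)):
    """Map each external source IP to its allowed inbound web flows and bytes sent."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]  # assumed VNet range
    stats = {}
    for record in json.loads(blob_text)["records"]:
        for rule in record["properties"]["flows"]:
            for mac_group in rule["flows"]:
                for tup in mac_group["flowTuples"]:
                    f = tup.split(",")
                    src, dport, direction, decision = f[1], int(f[4]), f[6], f[7]
                    if direction != "I" or decision != "A" or dport not in web_ports:
                        continue
                    if any(ipaddress.ip_address(src) in n for n in nets):
                        continue  # source is inside the VNet, not the internet
                    entry = stats.setdefault(src, {"flows": 0, "bytes_in": 0})
                    # Version 1 tuples stop after the decision field and have no state.
                    state = f[8] if len(f) > 8 else "B"
                    if state == "B":  # count a flow once, when it begins
                        entry["flows"] += 1
                    if len(f) > 10 and f[10]:  # byte counters only on C/E tuples
                        entry["bytes_in"] += int(f[10])
    return stats


if __name__ == "__main__":
    ranked = sorted(inbound_sources(SAMPLE_BLOB).items(), key=lambda kv: -kv[1]["flows"])
    for ip, s in ranked:
        print(f"{ip:<16} flows={s['flows']} bytes_in={s['bytes_in']}")
```

Flow logs record layer 4 tuples as seen at the NSG, so if a proxy or gateway sits in front of the VM, the source IP recorded here is that component's address.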
