venu15
Copper Contributor
Apr 06, 2023

Kusto Query for troubleshooting the Network Security Group

Hi Team,

I need some help with a Kusto query for troubleshooting Network Security Group connectivity between a source IP and a destination IP.

Can someone please help with a Kusto query to check the NSG logs for the source and destination, to check whether connectivity is allowed between source and destination?

I'm very new to Kusto queries, so I posted here. I appreciate any help.

Source IP: 10.226.16.165

Destination: 159.123.12.3

2 Replies

  • AzureDiagnostics
    | where ResourceType == "NETWORKSECURITYGROUPS"
    | where Category == "NetworkSecurityGroupFlowEvent"
    | where properties_s_protocol_s == "TCP" // Change this to "UDP" if necessary
    | where properties_s_srcIp_s == "10.226.16.165" and properties_s_destIp_s == "159.123.12.3"
    | project TimeGenerated, SourceIP = properties_s_srcIp_s, DestinationIP = properties_s_destIp_s,
    SourcePort = properties_s_srcPort_d, DestinationPort = properties_s_destPort_d,
    Protocol = properties_s_protocol_s, TrafficFlow = properties_s_trafficDirection_s,
    TrafficStatus = properties_s_trafficStatus_s, RuleName = properties_s_ruleName_s
    | order by TimeGenerated desc
  • venu15 

    AzureDiagnostics
    | where Category == "NetworkSecurityGroupEvent"
    | where msg_s contains "Allowed"
    | where msg_s contains "Succeeded"
    | where msg_s contains "type=FlowLog"
    | where msg_s contains "<source-IP>"
    | where msg_s contains "<destination-IP>"
    | project TimeGenerated, msg_s

     

    In this query, replace <source-IP> and <destination-IP> with the actual IP addresses of the source and destination that you want to check. The query will filter the logs to only show events where traffic was allowed and succeeded, and where the source and destination IP addresses match the ones you specified. The "project" operator is used to display the TimeGenerated and "msg_s" fields in the query result. You can modify the query to include additional fields or filters as needed.

    Please "Accept as Answer" if it helped, so it can help others in the community looking for help on similar topics.
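
An added example, not part of either reply above: a query that reports both allowed and denied flows for the address pair, grouped by the NSG rule that matched, so a blocked connection shows up as a row instead of an empty result. It assumes Traffic Analytics is enabled for the NSG flow logs (table `AzureNetworkAnalytics_CL`); the `FlowSample` rows, NSG path and rule names are constructed so the query runs without real data.

```kusto
// Addresses from the question.
let srcIp = "10.226.16.165";
let dstIp = "159.123.12.3";
// Constructed sample rows using Traffic Analytics column names (assumption: Traffic
// Analytics is enabled). To query real data, replace FlowSample in the query below
// with AzureNetworkAnalytics_CL.
let FlowSample = datatable(
    TimeGenerated:datetime, SubType_s:string, SrcIP_s:string, DestIP_s:string,
    DestPublicIPs_s:string, DestPort_d:real, L4Protocol_s:string,
    FlowDirection_s:string, FlowStatus_s:string, NSGList_s:string, NSGRule_s:string)
[
    datetime(2023-04-06 09:00:00), "FlowLog", "10.226.16.165", "", "159.123.12.3|1|0|0|0|0|0", 443.0, "T", "O", "A", "sub-id/rg-example/nsg-example", "AllowInternetOutBound",
    datetime(2023-04-06 09:05:00), "FlowLog", "10.226.16.165", "", "159.123.12.3|1|0|0|0|0|0", 22.0, "T", "O", "D", "sub-id/rg-example/nsg-example", "Deny-SSH-Out",
    datetime(2023-04-06 09:06:00), "FlowLog", "10.226.16.165", "10.226.16.4", "", 443.0, "T", "O", "A", "sub-id/rg-example/nsg-example", "AllowVnetOutBound"
];
FlowSample
| where SubType_s == "FlowLog"
| where SrcIP_s == srcIp
// Public destinations are recorded in DestPublicIPs_s ("ip|counters..."),
// private destinations in DestIP_s, so check both.
| where DestIP_s == dstIp or has_ipv4(DestPublicIPs_s, dstIp)
// FlowStatus_s is "A" for allowed and "D" for denied.
| extend Verdict = iff(FlowStatus_s == "A", "Allowed", "Denied")
| summarize Records = count(), LastSeen = max(TimeGenerated)
    by Verdict, NSGRule_s, NSGList_s, FlowDirection_s, L4Protocol_s, DestPort = toint(DestPort_d)
| order by LastSeen desc
```

An empty result here means no matching flow was logged in the time range, which is a different finding from a Denied row that names the blocking rule.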
