Sudden spike network out

Hi Folks,


We have a VM running on the Azure portal, which is a Linux VM.


We are facing sudden, unexpected outbound network data transfer for a specific time period. We checked and analyzed the server's internal logs in detail but didn't find any suspicious activity during that time on the server side.


Please let us know how to fix this issue and find its RCA.

2 Replies
You can have a look at Network Watcher and NSG flow logs:

Look at what traffic is being sent at that time.
I agree with @needleStack. Ensure there's an NSG on the subnet or on the NIC of the VM, enable NSG Flow Logs and enable Traffic Analytics so you can use KQL to query the logs for the specific 5-tuple details.
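
The step both replies point to, as an added example that is not part of the thread or of any poster's reply: totaling allowed outbound bytes per destination from raw NSG flow log version 2 records for the spike window. The sample record, addresses, window and the function names `outbound_flows` and `top_talkers` are constructed for illustration; the tuple field order is the version 2 layout.

```python
import json
from collections import Counter

# Constructed sample in the NSG flow log version 2 layout (not real traffic).
# Tuple fields: time,srcIP,dstIP,srcPort,dstPort,proto,direction,decision,
#               state,pktsSrcToDst,bytesSrcToDst,pktsDstToSrc,bytesDstToSrc
SAMPLE = json.dumps({"records": [{
    "time": "2024-01-01T02:00:00Z",
    "properties": {"Version": 2, "flows": [{
        "rule": "DefaultRule_AllowInternetOutBound",
        "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1704074400,10.0.0.4,203.0.113.10,50000,443,T,O,A,B,,,,",
            "1704074460,10.0.0.4,203.0.113.10,50000,443,T,O,A,C,900,1200000,450,30000",
            "1704074520,10.0.0.4,203.0.113.10,50000,443,T,O,A,E,2100,2800000,1000,64000",
            "1704074465,10.0.0.4,198.51.100.7,50001,53,U,O,A,E,2,160,2,320",
            "1704074470,192.0.2.55,10.0.0.4,40000,22,T,I,D,B,,,,",
        ]}]}]}}]})


def outbound_flows(doc, start, end):
    """Yield (dst_ip, dst_port, proto, bytes_sent) for allowed outbound
    tuples whose epoch timestamp falls in [start, end)."""
    for record in doc["records"]:
        for rule in record["properties"]["flows"]:
            for flow in rule["flows"]:
                for tup in flow["flowTuples"]:
                    f = tup.split(",")
                    # Skip version 1 tuples (no counters), inbound and denied flows.
                    if len(f) < 13 or f[6] != "O" or f[7] != "A":
                        continue
                    if not start <= int(f[0]) < end:
                        continue
                    # 'B' (begin) tuples carry empty counters; 'C'/'E' carry
                    # the bytes sent since the previous update for that flow.
                    yield f[2], int(f[4]), f[5], int(f[10] or 0)


def top_talkers(raw_json, start, end, n=5):
    """Rank (dst_ip, dst_port, proto) by total bytes sent from the VM."""
    totals = Counter()
    for dst, port, proto, sent in outbound_flows(json.loads(raw_json), start, end):
        totals[(dst, port, proto)] += sent
    return totals.most_common(n)


if __name__ == "__main__":
    for (dst, port, proto), sent in top_talkers(SAMPLE, 1704074400, 1704078000):
        print(f"{dst}:{port}/{proto}  {sent} bytes out")
```

The destination and port at the top of the ranking are what to correlate with processes and connections on the VM for the same time window.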