Microsoft Azure Documentation

Monitoring Azure Network Resources

This section provides comprehensive guidance on monitoring your Azure network resources, ensuring performance, availability, and security. Effective monitoring is crucial for understanding network behavior, identifying potential issues, and optimizing your cloud network infrastructure.

Key Monitoring Tools and Services

Azure offers a suite of powerful tools to monitor your network. Understanding and utilizing these services will help you gain deep insights into your network traffic and health.

Azure Monitor

Azure Monitor is the foundational service for collecting, analyzing, and acting on telemetry from your Azure and on-premises environments. For networking, it provides:

  • Metrics: Collects numerical data about resource performance, such as throughput, latency, and packet loss.
  • Logs: Stores event data and diagnostic logs, allowing for detailed analysis and querying.
  • Alerts: Notifies you when critical conditions are met based on metrics or logs.

Learn more about Azure Monitor.

Network Watcher

Network Watcher is a service that enables you to monitor, diagnose, and view metrics for your Azure network resources. It offers a variety of tools specifically for network troubleshooting and monitoring:

  • Connection Troubleshoot: Diagnoses connectivity issues between a virtual machine and another endpoint.
  • IP Flow Verify: Verifies if traffic is allowed or denied to or from a virtual machine.
  • NSG Flow Logs: Captures information about IP traffic flowing to and from network interfaces in your Azure Virtual Network.
  • Packet Capture: Captures network traffic to and from an Azure virtual machine.
  • Connection Monitor: Monitors network connectivity between Azure resources and between Azure and on-premises endpoints.

Explore Network Watcher features.

Azure Firewall Monitoring

For Azure Firewall, specific monitoring capabilities include:

  • Azure Firewall Logs: Logs can be sent to Azure Monitor Logs, Event Hubs, or a storage account for analysis.
  • Network Firewall Insights: Provides a centralized dashboard for network firewall monitoring and analysis.

Monitoring Scenarios and Best Practices

Here are common scenarios and recommended practices for monitoring your Azure network:

Scenario 1: Detecting Performance Degradation

Monitor key metrics like latency, packet loss, and bandwidth utilization for your Virtual Network Gateways, Load Balancers, and Application Gateways. Set up alerts for thresholds that indicate performance issues.


# Example PowerShell snippet to get network interface metrics
Get-AzMetric -ResourceId "/subscriptions/{subId}/resourceGroups/{rgName}/providers/Microsoft.Network/networkInterfaces/{nicName}" -MetricName "NetworkInTotal" -TimeRange 'PT1H' -Interval 'PT1M'

Scenario 2: Troubleshooting Connectivity Issues

Utilize Network Watcher's Connection Troubleshoot and IP Flow Verify tools to pinpoint the source of connectivity problems between resources or to external endpoints. Analyze NSG Flow Logs to understand traffic filtering rules.

Scenario 3: Security Monitoring

Review Azure Firewall logs for denied traffic, identify suspicious patterns, and ensure your security policies are effective. Integrate network logs with Azure Sentinel for advanced threat detection and response.

Getting Started

To begin monitoring your Azure network:

  1. Enable Network Watcher for your virtual networks.
  2. Configure NSG Flow Logs to capture traffic data.
  3. Set up diagnostic settings for your network resources to send logs and metrics to Azure Monitor.
  4. Create alert rules in Azure Monitor based on key performance indicators and security events.

Continue exploring the documentation to dive deeper into specific monitoring tools and advanced configurations.