NSG Flow Log \u3092 Azure Storage \u306b\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3057\u3066\u304a\u3044\u3066\u3082\u3001JSON \u306e\u307e\u307e\u3060\u3068\u89e3\u6790\u304c\u96e3\u3057\u3044\u306e\u3067 Tuple (IP \/ Port, etc…) \u3060\u3051\u7c21\u5358\u306b\u62bd\u51fa\u3067\u304d\u308b PowerShell \u3092\u66f8\u3044\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
Traffic Analytics \u3092\u6709\u52b9\u5316\u3057\u3066 Log Analytics \u3067 Kusto \u30af\u30a8\u30ea\u3092\u4f7f\u3046\u65b9\u304c\u304a\u3059\u3059\u3081\u3067\u3059\u304c\u3001\u6709\u52b9\u5316\u3057\u5fd8\u308c\u3066\u3066 JSON \u3092\u751f\u3067\u898b\u308b\u3057\u304b\u7121\u3044\u6642\u306a\u3069\u3067\u4f7f\u3063\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002\u30ed\u30b0\u306e\u91cf\u304c\u591a\u3044\u3068\u975e\u5e38\u306b\u6642\u9593\u304c\u304b\u304b\u308b\u306e\u3067\u3001\u9069\u5f53\u306b\u6761\u4ef6\u8ffd\u52a0\u3057\u3066\u30d5\u30a3\u30eb\u30bf\u30fc\u3057\u305f\u308a\u3057\u3066\u3044\u305f\u3060\u3051\u308c\u3070\u3068\u3002<\/p>\n\n\n\n
\n# \u5404\u7a2e\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc (\u8981\u5909\u66f4)\n$ResourceGroupName = "RG-Name"\n$StorageName = "StrName"\n$LogPath = "C:\\Users\\UserName\\Desktop\\NsgFlowLog\\" # \u4f5c\u6210\u6e08\u307f\u306e\u30d5\u30a9\u30eb\u30c0\u3092\u6307\u5b9a\u3001\u672b\u5c3e\u306b \\ \u304c\u5fc5\u8981\n$ResultPath = "C:\\Users\\UserName\\Desktop\\NsgFlowLog\\" # \u540c\u4e0a\n\n# Azure Storage \u3078\u306e\u30a2\u30af\u30bb\u30b9\u7528\u306e\u8a8d\u8a3c\u60c5\u5831\u3092\u53d6\u5f97\n$StorageAccount = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageName\n$Context = $StorageAccount.Context\n\n# Blob \u304b\u3089 NSG \u30d5\u30ed\u30fc \u30ed\u30b0\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\nGet-AzStorageBlob -Container "insights-logs-networksecuritygroupflowevent" -Context $Context | Get-AzStorageBlobContent -Destination $LogPath\n\n# \u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u3092\u53d6\u5f97\n$FileList = Get-ChildItem -Path $LogPath -include *.json -Recurse -Force \n\n# NSG \u30d5\u30ed\u30fc\u30ed\u30b0\u304b\u3089 flowTuples \u306e\u307f\u3092\u62bd\u51fa\n$Records = @("Time Stamp,Source IP,Destination IP,Source Port,Destination Port,Protocol,Traffic Flow,Traffic Decision,Flow State,Packets - Source to destination,Bytes sent - Source to destination,Packets - Destination to source,Bytes sent - Destination to source")\n$Records += $FileList | foreach {(Get-Content -Path $_.FullName | ConvertFrom-Json).records.properties.flows.flows.flowtuples}\n\n# \u5168\u3066\u306e\u30ec\u30b3\u30fc\u30c9\u3092\u62bd\u51fa\u3057\u3066 CSV \u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\n$Records | Out-File "$ResultPath\\AllRecords.csv" -Encoding utf8\n\n# \u7279\u5b9a\u306e\u6761\u4ef6\u3092\u6e80\u305f\u3059\u30ec\u30b3\u30fc\u30c9\u3092\u62bd\u51fa\u3057\u3066 CSV \u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210 ("O,D" \u3059\u306a\u308f\u3061 Outbound \u3067 Deny \u3055\u308c\u305f\u3082\u306e\u3060\u3051\u62bd\u51fa\u3059\u308b\u5834\u5408)\n$Records | Select-String "O,D" | Out-File "$ResultPath\\FilteredRecords.csv" -Encoding utf8\n\n# \u7279\u5b9a\u306e\u6761\u4ef6\u3092\u6e80\u305f\u3059\u30ec\u30b3\u30fc\u30c9\u3092\u62bd\u51fa\u3057\u3066\u753b\u9762\u8868\u793a\n$CSV = ($Records | ConvertFrom-Csv)\n$CSV | where {$_."Destination Port" -eq 443 -and $_."Traffic Flow" -eq "O"} | Format-Table\n<\/pre> <\/p>\n\n\n\n\u306a\u304a\u3001NSG Flow Log \u306e\u30ed\u30b0 \u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u306b\u3064\u3044\u3066\u306f\u3001\u4ee5\u4e0b\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u8a18\u8f09\u304c\u3042\u308a\u307e\u3059\u3002TCP \u306f “T”\u3001UDP \u306f “U”\u3001Inbound \u306f “I”\u3001Outbound \u306f “O”\u3001Allow \u306f “A”\u3001Deny \u306f “D” \u3068\u3044\u3063\u305f\u611f\u3058\u306a\u306e\u3067\u3001\u7279\u306b\u96e3\u3057\u304f\u306f\u7121\u3044\u3068\u601d\u3044\u307e\u3059\u304c\u3001\u30d5\u30a3\u30eb\u30bf\u30fc\u3059\u308b\u6587\u5b57\u5217\u306f\u30ed\u30b0 \u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3092\u8aad\u307f\u3064\u3064\u3044\u3058\u3063\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n
\u203b Windows \u3067\u306f\u30d5\u30a1\u30a4\u30eb \u30d1\u30b9\u304c 260 \u6587\u5b57\u306e\u5236\u7d04\u304c\u3042\u308b\u306e\u3067\u3001\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 \u30d5\u30a9\u30eb\u30c0\u306f C \u30c9\u30e9\u30a4\u30d6\u76f4\u4e0b\u306a\u3069\u306b\u3059\u308b\u4e8b\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/strong><\/p>\n\n\n\n NSG Flow Log \u3092 Azure Storage \u306b\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3057\u3066\u304a\u3044…<\/p>\n
https:\/\/docs.microsoft.com\/ja-jp\/windows\/win32\/fileio\/maximum-file-path-limitation?tabs=cmd<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"