Share via

Per VM traffic Analysis

FunMum 120 Reputation points
2025-04-07T14:54:15.74+00:00

Hello,

I have enabled vNET flow logs. I want to take a VM within a subnet and analyze other virtual machines and PAAS services it is communicating with in order to build fw rules. When I go to to Traffic Analytics, it is only displaying the "Top Talkers". Is there a way to analyze traffic vm by vm using traffic analytics? If so, where do I go to get this data? Thank you.

Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
187 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deepanshukatara-6769 15,285 Reputation points Moderator
    2025-04-07T15:18:20.9666667+00:00

    Hello , Welcome to MS Q&A

    • Navigate to the Traffic Analytics dashboard in the Azure portal.
    • Use the search bar or filters to specify the VM you are interested in. You can filter by source or destination IP addresses, ports, or protocols to narrow down the traffic data for the specific VM.
    • Once you have filtered the data, you can analyze the communication patterns of the VM with other VMs and PaaS services. This will help you understand the traffic flows and build appropriate firewall rules.

    Also to analyze traffic on a per-VM basis using Traffic Analytics in Azure, you can refer to the following documentation:

    Traffic analytics overview: This document provides an overview of Traffic Analytics, which analyzes Azure Network Watcher flow logs to provide insights into traffic flow in your Azure cloud.

    View topology: This guide explains how to view detailed traffic information about a selected VM using the Traffic tab in the Network Watcher topology.

    Traffic analytics usage scenarios: This document describes various usage scenarios for Traffic Analytics, including visualizing traffic distribution by virtual networks.

    These resources will help you understand how to use Traffic Analytics to drill down into specific VMs and analyze their communication patterns with other VMs and PaaS services.

    Please let us know if it helps

    Also let us know if any further ques

    Thanks

    Deepanshu

    0 comments
  2. Venkat V 1,895 Reputation points Microsoft External Staff Moderator
    2025-04-09T13:42:28.8766667+00:00

    Hi @FunMum

    To analyze per-VM traffic and build effective network rules, you can follow the below approach.

    Enable NSG Flow Logs for the Network Security Groups (NSGs) associated with your VMs, and configure them to store logs in an Azure Storage account.

    • Integrate the flow logs with a Log Analytics workspace, which enables advanced querying and deeper traffic analysis using KQL.

    User's image

    Note: After creating the flow log, it may take some time for the logs to appear in the Log Analytics workspace.

    • Use KQL in Log Analytics to filter traffic data specific to individual VMs, helping you identify communication patterns.

    User's image

    • For better visualization, create custom dashboards that offer interactive charts and graphs to present traffic trends and volume clearly.

    User's image

    User's image

    This setup provides a powerful way to monitor VM-level traffic and fine-tune your firewall or NSG rules accordingly.

    Reference: Log network traffic to and from a virtual machine using the Azure portal

    I hope this helps to resolve your issue. Please feel free to ask any questions if the solution provided isn't helpful.

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.