ConfigureNSGFlowLog_Prod.txt
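# Make sure an authenticated Az session exists before any subscription is touched.
# Get-AzContext returns $null when nobody is signed in; it does not throw, and reading
# a property of $null does not throw either. A try/catch around the property read
# therefore never reaches the login branch, so the result is tested explicitly.
Write-Host -ForegroundColor Blue "Checking if already logged in!"
$azContext = Get-AzContext -ErrorAction SilentlyContinue
if ($null -ne $azContext -and $null -ne $azContext.Account) {
    Write-Host -ForegroundColor Blue "Already logged in, continuing..."
} else {
    Write-Host -ForegroundColor Blue "Not logged in, please login..."
    # Stop here if sign-in fails or is cancelled: every later step needs a valid session,
    # and continuing would only produce per-resource errors.
    Connect-AzAccount -ErrorAction Stop
}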
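# NOTE(review): the flow-log loop further down reads $stor_CUS.Id and $stor_EUS2.Id, but
# both storage-account lookups below are commented out. Unless those variables are set in
# the session before this script runs they are $null and no flow log can be written.
# Confirm the intended source of these values before running.
#Get East 2 Storage Account
#Set-AzContext -SubscriptionName "CVS-SECUREHUB000"
#$stor_EUS2 = Get-AzStorageAccount -ResourceGroupName 'RG-cvsnsgflhub000' -AccountName 'sacvsnsgflhub000'
#Get Central US Storage Account
#Set-AzContext -SubscriptionName "CVS-SECUREHUB001"
#$stor_CUS = Get-AzStorageAccount -ResourceGroupName 'RG-cvsnsgflhub000' -AccountName 'sacvsnsgflhubusc000'

# Production subscriptions whose NSGs get flow logging configured.
# The opening line of this array had been commented out while its continuation lines were
# not. That leaves a dangling ')' (a parse error) and $rmSubs unassigned, so the line is
# restored here.
$rmSubs = @('SUB-HCB-ACN-PROD',
    'PBM ACN Production',
    'SUB-CORP-ACN-PROD',
    'PBM ACN PCI Production',
    'SUB-CORP-WIZARD',
    'SUB-PBM-ACN-PROD',
    'Retail ACN Production')

# Non-production list, kept for reference. Only one $rmSubs assignment should be active.
#$rmSubs = @('PBM ACN Non-Production',
# 'SUB-HCB-ACN-NONPROD',
# 'SUB-CORP-ACN-NONPROD',
# 'SUB-PBM-ACN-NONPROD',
# 'Retail ACN Non-Production')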
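# For every subscription in $rmSubs, enable version 2 JSON NSG flow logs with 120-day
# retention on each NSG in centralus and eastus2. Each region uses its own Network Watcher
# and the matching storage account ($stor_CUS / $stor_EUS2, which must already be populated).
#
# Flow logs are a detection and forensics data source, so a failure to enable one is
# reported rather than hidden: the cmdlet runs with -ErrorAction Stop and each failure is
# counted and printed, instead of being discarded with SilentlyContinue.
foreach ($sub in $rmSubs) {
    # Switch context only when needed. If the switch fails, skip the subscription:
    # carrying on would reconfigure the NSGs of whatever subscription is still selected
    # while the log output names this one.
    if (((Get-AzContext).Subscription).Name -ne $sub) {
        try {
            Select-AzSubscription -SubscriptionName $sub -ErrorAction Stop
        } catch {
            Write-Warning "Could not select subscription $($sub); skipping it: $($_.Exception.Message)"
            continue
        }
    }

    # One NSG listing per subscription, filtered per region below.
    $allNsgs = Get-AzNetworkSecurityGroup

    # Per-region settings; Display is the text used in the progress banner.
    $regions = @(
        @{ Display = 'Central US';     Location = 'centralus'; WatcherName = 'NetworkWatcher_centralus'; Storage = $stor_CUS },
        @{ Display = 'East US 2 NSGs'; Location = 'eastus2';   WatcherName = 'NetworkWatcher_eastus2';   Storage = $stor_EUS2 }
    )

    $notConfigured = 0
    foreach ($region in $regions) {
        Write-Host -ForegroundColor Blue "Setting NSG Flow Logs for $($region.Display) in $($sub)"

        # A missing watcher is tolerated at lookup time and checked just below.
        $watcher = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name $region.WatcherName -EA SilentlyContinue
        $nsgs = @($allNsgs | Where-Object { $_.Location -eq $region.Location })
        if ($nsgs.Count -eq 0) { continue }

        # Without a watcher or a storage account id the Set call cannot succeed; say so
        # once per region instead of failing quietly for every NSG.
        if ($null -eq $watcher -or $null -eq $region.Storage -or -not $region.Storage.Id) {
            Write-Warning "No Network Watcher or storage account available for $($region.Location) in $($sub); $($nsgs.Count) NSG(s) left without flow logs"
            $notConfigured += $nsgs.Count
            continue
        }

        foreach ($nsg in $nsgs) {
            Write-Host -ForegroundColor Green "Setting NSG Flow Logs for $($nsg.Name) in $($sub)"
            try {
                Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $watcher -TargetResourceId $nsg.Id -StorageAccountId $region.Storage.Id -EnableFlowLog $true -FormatType Json -FormatVersion 2 -EnableRetention $true -RetentionInDays 120 -ErrorAction Stop | Out-Null
            } catch {
                $notConfigured++
                Write-Warning "Flow log NOT configured for $($nsg.Name) in $($sub): $($_.Exception.Message)"
            }
        }
    }

    if ($notConfigured -eq 0) {
        Write-Host -ForegroundColor Blue "Completed setting NSG Flow Logs in Subscription $($sub)"
    } else {
        Write-Warning "Finished Subscription $($sub) with $notConfigured NSG(s) NOT configured for flow logging"
    }
}
Write-Host -ForegroundColor Blue "***End of Script Run***"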