Microsoft Azure - Troubleshoot Azure VM Inbound and Outbound Connections
Last Updated: 03 Apr, 2023
In this article, we use Azure KQL queries to troubleshoot inbound and outbound Azure Virtual Machine connections across various sources and destinations, for monitoring and analysis.
The VMConnection table, queried with KQL, helps monitor inbound and outbound connections to and from Azure servers.
KQL Query:
To troubleshoot inbound and outbound VM connections for the past 10 minutes:
VMConnection
| where TimeGenerated > ago(10m)
To troubleshoot inbound and outbound VM connections for the past 1 hour:
VMConnection
| where TimeGenerated > ago(1h)
To troubleshoot inbound and outbound VM connections for the past 1 day:
VMConnection
| where TimeGenerated > ago(1d)
Note: Change your time span according to your needs for the following examples.
Example 1: Monitor traffic from all Azure servers in the selected scope, showing Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol for the past 1 hour.
VMConnection
| where TimeGenerated > ago(1h)
| summarize by Computer, ProcessName, SourceIp, DestinationIp, DestinationPort, Protocol
This query returns the Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol properties for the selected scope.
Example 2: Monitor traffic from a specified Azure server, showing Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol for the past 1 hour.
VMConnection
| where TimeGenerated > ago(1h)
| summarize by Computer, ProcessName, SourceIp, DestinationIp, DestinationPort, Protocol
| where Computer has "_add_Azure_VM_Name_"
This query returns the Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol properties of the specified Azure server for the past 1 hour.
Example 3: Monitor inbound traffic for a specified Azure server for the past 1 hour.
VMConnection
| where TimeGenerated > ago(1h)
| where Direction has "Inbound"
| summarize by Computer,ProcessName,Direction,SourceIp,DestinationIp,DestinationPort,Protocol
| where Computer has "_add_Azure_VM_Name_"
This query returns the Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol properties of the specified Azure server for inbound traffic over the past 1 hour.
Example 4: Monitor outbound traffic for a specified Azure server for the past 1 hour.
VMConnection
| where TimeGenerated > ago(1h)
| where Direction has "Outbound"
| summarize by Computer,ProcessName,Direction,SourceIp,DestinationIp,DestinationPort,Protocol
| where Computer has "_add_Azure_VM_Name_"
This query returns the Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol properties of the specified Azure server for outbound traffic over the past 1 hour.
Example 5: Monitor both inbound and outbound traffic for a specified Azure server for the past 1 hour.
VMConnection
| where TimeGenerated > ago(1h)
| where Direction has "Inbound" or Direction has "Outbound"
| summarize by Computer,ProcessName,Direction,SourceIp,DestinationIp,DestinationPort,Protocol
| where Computer has "_add_Azure_VM_Name_"
This query returns the Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol properties of the specified Azure server for both inbound and outbound traffic over the past 1 hour.
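The following is an added example, not part of the original article. It goes beyond listing connections and ranks the destinations a specified server is failing to reach. It assumes the LinksEstablished, LinksFailed, BytesSent and BytesReceived columns of the VMConnection schema; the SampleVMConnection name and every row in it (VM names, IPs, counts) are constructed so the query runs without real data.

```kql
// Constructed sample rows standing in for the VMConnection table (values are made up).
let SampleVMConnection = datatable(
    TimeGenerated: datetime, Computer: string, ProcessName: string, Direction: string,
    SourceIp: string, DestinationIp: string, DestinationPort: int, Protocol: string,
    LinksEstablished: long, LinksFailed: long, BytesSent: long, BytesReceived: long)
[
    datetime(2023-04-03 10:00:00), "vm-web-01", "nginx",    "inbound",  "10.0.1.5", "10.0.0.4",    443,  "tcp", 12, 0, 48000, 9000,
    datetime(2023-04-03 10:01:00), "vm-web-01", "app",      "outbound", "10.0.0.4", "10.0.2.10",   1433, "tcp", 3,  9, 1200,  300,
    datetime(2023-04-03 10:02:00), "vm-web-01", "app",      "outbound", "10.0.0.4", "10.0.2.10",   1433, "tcp", 2,  6, 800,   200,
    datetime(2023-04-03 10:03:00), "vm-web-01", "curl",     "outbound", "10.0.0.4", "203.0.113.7", 443,  "tcp", 5,  1, 2500,  64000,
    datetime(2023-04-03 10:04:00), "vm-db-01",  "sqlservr", "inbound",  "10.0.0.4", "10.0.2.10",   1433, "tcp", 5,  0, 300,   1200
];
// In a real workspace, replace SampleVMConnection with VMConnection
// and add a time filter such as: | where TimeGenerated > ago(1h)
SampleVMConnection
| where Computer has "vm-web-01"            // same server filter as the examples above
| summarize Established   = sum(LinksEstablished),
            Failed        = sum(LinksFailed),
            SentBytes     = sum(BytesSent),
            ReceivedBytes = sum(BytesReceived)
    by Computer, ProcessName, Direction, DestinationIp, DestinationPort, Protocol
| where Failed > 0                           // keep only destinations with failed connections
| extend FailedPct = round(100.0 * Failed / (Established + Failed), 1)
| order by Failed desc
```

A high FailedPct toward a single DestinationIp and DestinationPort usually points to a network security group rule, firewall, or a service that is down on that port.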