Azure / Azure-Proactive-Resiliency-Library-v2

Azure Proactive Resiliency Library v2 (APRL) - Source for Azure WAF reliability guidance and associated ARG queries
https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/
MIT License

❓👂 Question/Feedback - "Configure Diagnostic Settings for all network security groups" provides an unclear explanation. #294

Closed NaotakaKawakami closed 2 months ago

NaotakaKawakami commented 3 months ago

Question/Feedback

In the following APRL, it is recommended to enable NSG diagnostic settings, which allows the collection of the following logs. However, it is not clearly stated how this contributes to reliability improvement.

https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/networkSecurityGroups/#configure-diagnostic-settings-for-all-network-security-groups

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log#enable-logging

Event: Entries are logged for which NSG rules are applied to virtual machines, based on MAC address.

Rule counter: Contains entries for how many times each NSG rule is applied to allow or deny traffic. The status for these rules is collected every 300 seconds.

Possible Answers/Solutions?

I suggest describing why this is related to reliability.

oZakari commented 2 months ago

@Azure/aprl-networking, please review as well if you want to add anything else to the long description based upon @NaotakaKawakami's feedback, but I think the Potential Benefits provides this information, which includes: Enhanced monitoring and security insights

maheshbenke commented 2 months ago

@NaotakaKawakami @oZakari. I agree with Zach: enabling diagnostic logs is the first step to gather data which will be used to perform additional analysis. This analysis will help address various issues proactively or reactively, hence increasing the overall resiliency posture. Potential use cases include dashboards created from log data for NOC/SOC monitoring and log search alerts for specific patterns indicative of deterioration or loss of service. More Info

Let us know if you have any questions/concerns or suggestions to improve this further.
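To make the "log search alert" use case concrete, here is an added example (not part of this thread or of APRL) that scans rule counter records and flags a deny rule whose latest 300-second sample jumps far above its own history, the kind of pattern that often accompanies a rule change cutting off legitimate traffic. Assumptions: the field names (`category`, `resourceId`, `properties.ruleName`, `properties.type`, `properties.matchedConnections`) follow the rule counter record layout, `matchedConnections` is treated as a per-sample count, and the sample records, NSG names and thresholds are constructed.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample records (not real telemetry), one JSON object per line.
# Field names are assumed to match the NetworkSecurityGroupRuleCounter layout.
SAMPLE_LOG = """
{"time": "2024-05-01T10:00:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-app", "properties": {"ruleName": "DenyAllInbound", "type": "block", "matchedConnections": 12}}
{"time": "2024-05-01T10:05:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-app", "properties": {"ruleName": "DenyAllInbound", "type": "block", "matchedConnections": 9}}
{"time": "2024-05-01T10:10:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-app", "properties": {"ruleName": "DenyAllInbound", "type": "block", "matchedConnections": 14}}
{"time": "2024-05-01T10:15:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-app", "properties": {"ruleName": "DenyAllInbound", "type": "block", "matchedConnections": 480}}
{"time": "2024-05-01T10:05:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-db", "properties": {"ruleName": "DenySql", "type": "block", "matchedConnections": 40}}
{"time": "2024-05-01T10:10:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-db", "properties": {"ruleName": "DenySql", "type": "block", "matchedConnections": 42}}
{"time": "2024-05-01T10:15:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-db", "properties": {"ruleName": "DenySql", "type": "block", "matchedConnections": 44}}
{"time": "2024-05-01T10:15:00Z", "category": "NetworkSecurityGroupRuleCounter", "resourceId": "nsg-app", "properties": {"ruleName": "AllowHttps", "type": "allow", "matchedConnections": 900}}
{"time": "2024-05-01T10:15:00Z", "category": "NetworkSecurityGroupRuleCou
"""

DENY_TYPES = {"block", "deny"}  # accept either spelling of a deny rule type

def parse_rule_counters(text):
    """Yield (time, nsg, rule, hits) for deny-type rule counter records."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt line
        props = rec.get("properties", {})
        if (rec.get("category") != "NetworkSecurityGroupRuleCounter"
                or str(props.get("type", "")).lower() not in DENY_TYPES):
            continue
        yield rec["time"], rec["resourceId"], props["ruleName"], int(props["matchedConnections"])

def deny_spikes(text, factor=3.0, min_hits=50):
    """Return deny rules whose latest sample exceeds factor x their median history."""
    series = defaultdict(list)
    for _time, nsg, rule, hits in sorted(parse_rule_counters(text)):  # ISO times sort chronologically
        series[(nsg, rule)].append(hits)
    alerts = []
    for (nsg, rule), hits in sorted(series.items()):
        if len(hits) < 3:
            continue  # not enough history to form a baseline
        baseline, latest = median(hits[:-1]), hits[-1]
        if latest >= min_hits and latest > factor * max(baseline, 1):
            alerts.append({"nsg": nsg, "rule": rule, "baseline": baseline, "latest": latest})
    return alerts

if __name__ == "__main__":
    print(deny_spikes(SAMPLE_LOG))
```

Without the diagnostic setting enabled, none of these records exist, so a sudden rise in denied connections would only surface as application errors.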

oZakari commented 2 months ago

As confirmed by @maheshbenke, will close this out for now. @NaotakaKawakami, if you have any additional concerns, please don't hesitate to reach out as we appreciate your feedback!