
Microsoft Azure – Troubleshoot Azure VM Inbound and Outbound Connections


In this article, we will use Azure KQL queries to troubleshoot the inbound and outbound connections of Azure Virtual Machines, across their various sources and destinations, for monitoring and analysis.

The VMConnection table helps to monitor traffic for inbound and outbound connections to and from Azure servers.

KQL Query:

To troubleshoot inbound and outbound VM connections for the past 10 minutes

VMConnection
| where TimeGenerated > ago(10m)

To troubleshoot inbound and outbound VM connections for the past 1 hour

VMConnection
| where TimeGenerated > ago(1h)

To troubleshoot inbound and outbound VM connections for the past 1 day

VMConnection
| where TimeGenerated > ago(1d)

Note: Change your time span according to your needs for the following examples.

Example 1: Monitor traffic from all Azure servers in the selected scope, with the properties Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol, for the past 1 hour.

VMConnection
| where TimeGenerated > ago(1h)
| summarize by Computer, ProcessName, SourceIp, DestinationIp, DestinationPort, Protocol

This query returns the properties Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol for every server in the selected scope.


Example 2: Monitor traffic from a selected/specified Azure server, with the properties Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol, for the past 1 hour.

VMConnection
| where TimeGenerated > ago(1h)
| summarize by Computer, ProcessName, SourceIp, DestinationIp, DestinationPort, Protocol
| where Computer has "_add_Azure_VM_Name_"

This query returns the properties Computer, Process Name, Source IP, Destination IP, Destination Port and Protocol of the specified Azure server for the past 1 hour.


Example 3: Monitor inbound traffic for a selected/specified Azure server for the past 1 hour.

VMConnection
| where TimeGenerated > ago(1h)
| where Direction has "Inbound"
| summarize by Computer,ProcessName,Direction,SourceIp,DestinationIp,DestinationPort,Protocol
| where Computer has "_add_Azure_VM_Name_"

This query returns the properties Computer, Process Name, Direction, Source IP, Destination IP, Destination Port and Protocol of the specified Azure server's inbound traffic for the past 1 hour.


Example 4: Monitor outbound traffic for a selected/specified Azure server for the past 1 hour.

VMConnection
| where TimeGenerated > ago(1h)
| where Direction has "Outbound"
| summarize by Computer,ProcessName,Direction,SourceIp,DestinationIp,DestinationPort,Protocol
| where Computer has "_add_Azure_VM_Name_"

This query returns the properties Computer, Process Name, Direction, Source IP, Destination IP, Destination Port and Protocol of the specified Azure server's outbound traffic for the past 1 hour.


Example 5: Monitor both inbound and outbound traffic for a selected/specified Azure server for the past 1 hour.

VMConnection
| where TimeGenerated > ago(1h)
| where Direction has "Inbound" or Direction has "Outbound"
| summarize by Computer,ProcessName,Direction,SourceIp,DestinationIp,DestinationPort,Protocol
| where Computer has "_add_Azure_VM_Name_"

This query returns the properties Computer, Process Name, Direction, Source IP, Destination IP, Destination Port and Protocol of the specified Azure server's inbound and outbound traffic for the past 1 hour.
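
An added example, not part of the original article: the query below builds on Example 5 by aggregating the VMConnection link counters and byte counts per process and destination, so failed connection attempts and outbound traffic to public addresses stand out. The VM name is the article's placeholder, and the output column names (Established, Failed, TotalBytesSent and so on) are chosen here for illustration.

```kusto
// Placeholder VM name, same as in the article's examples
let vm = "_add_Azure_VM_Name_";
VMConnection
| where TimeGenerated > ago(1h)
// Filter to the VM before aggregating so less data is summarized
| where Computer has vm
| summarize
    Established        = sum(LinksEstablished),
    // LinksFailed is reported for outbound connections only (per VM insights docs)
    Failed             = sum(LinksFailed),
    TotalBytesSent     = sum(BytesSent),
    TotalBytesReceived = sum(BytesReceived),
    FirstSeen          = min(TimeGenerated),
    LastSeen           = max(TimeGenerated)
    by Computer, ProcessName, Direction, SourceIp, DestinationIp, DestinationPort, Protocol
// ipv4_is_private() returns null for values that are not IPv4 (for example IPv6),
// so coalesce() keeps those rows out of the public-destination flag
| extend PublicDestination = coalesce(not(ipv4_is_private(DestinationIp)), false)
// Keep rows worth a closer look: failed attempts, or outbound traffic leaving private address space
| where Failed > 0 or (Direction =~ "outbound" and PublicDestination)
| order by Failed desc, TotalBytesSent desc
```

A row with a high Failed count and zero Established usually points at a blocked or unreachable destination (NSG rule, firewall, or a service that is down), which is the typical starting point when troubleshooting connectivity.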



Last Updated : 03 Apr, 2023