"Unable to fetch flows from any Azure NSG" error seen in data source for VCF Operations for Networks
Article ID: 406752
Updated On:
Products
VCF Operations for Networks
Issue/Introduction
- After Azure public cloud data source was added with correct permissions per Add Microsoft Azure documentation, the Azure subscription data source is not collecting flow logs.
- Post-configuration the error "Unable to fetch flows from any Azure NSG" displays in the Data Sources page for that Microsoft Azure Subscription data source.
Note: VCF Operations for Networks was formerly named Aria Operations for Networks (AON), and prior to that was named vRealize Network Insight (vRNI).
Environment
Aria Operations for Networks 6.13
Aria Operations for Networks 6.14
Aria Operations for Networks 6.14.1
VCF Operations for Networks 9.0
Cause
- When configuring flow logs in Azure as per Enable NSG Flow Log, the Network security group option (required by VCF Operations for Networks) is no longer available and the following alert is displayed:
On 30 September 2027, Network security group (NSG) flow logs in Azure Network Watch will be retired. As part of this retirement, you'll no longer be able to create new NSG flow logs starting 30 June 2025. To avoid service disruptions, migrate to virtual network flow logs by 30 September 2027.
- The VCF Operations for Networks feature for Azure subscription data sources is designed to consume Azure networks security groups, not virtual networks, so if NSG flow logs cannot be configured in the Azure subscription, then Aria Operations for Networks cannot capture those flow logs.
Resolution
Consuming flow logs from Azure subscription virtual networks is not currently supported.
Feedback
Yes
No
Powered by
