> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/monitors/audit-logs-and-evidence-trails/how-to-resolve-sprinto-check-for-enabling-nsg-flow-logs-on-azure.md).

# How to resolve Sprinto check for enabling Azure Virtual Network flow logs

### **About**

**Sprinto Check:** Azure virtual network flow logs should be captured

Sprinto verifies that Azure network traffic is logged to ensure visibility into ingress and egress activity for security monitoring and investigations.\
As Azure has deprecated **Network Security Group (NSG) flow logs**, Sprinto now evaluates **Virtual Network flow logs** directly.

This article explains how to enable Virtual Network flow logs in Azure and re-evaluate the check in Sprinto so the monitor passes successfully.

***

### Prerequisites

Before you begin, ensure that:

* You have **Contributor** or higher access in the Azure subscription
* **Network Watcher** is enabled in the Azure region
* At least one **Virtual Network**, **Subnet**, or **Network Interface** exists
* A **Storage Account** is available to store flow logs
* You have access to the **Sprinto dashboard**

***

### Procedure

#### Enable Virtual Network flow logs (Azure portal)

1. Sign in to the **Microsoft Azure portal.**
2. From the home page, select **Network Watcher.**

<figure><img src="/files/pAVJUgXHG0kvjEgVOXdu" alt="" width="563"><figcaption></figcaption></figure>

3. In the left navigation, select **Flow logs.**
4. Click **Create.**

<figure><img src="/files/eXGmQwTE8hulpBrIORnm" alt="" width="563"><figcaption></figcaption></figure>

5. Under **Project details,** select the required **Subscription.**
6. Under **Flow log type,** select **Virtual network.**

<figure><img src="/files/Gxu9G94umF9cUMNlPIQW" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}
Network Security Group flow logs are deprecated and cannot be selected
{% endhint %}

7. Click **Select target resource and** choose **Virtual network.**
8. Select one or more virtual networks and click **Confirm selection.**

<figure><img src="/files/s7A7dBGd9Z7GTpTN5y1Y" alt="" width="563"><figcaption></figcaption></figure>

9. Under **Instance details,** select a **Storage account.**
10. Set **Retention (days)** to a value greater than 0.

<figure><img src="/files/WeSU9Zb1pd6rperOsELJ" alt="" width="563"><figcaption></figcaption></figure>

11. Click **Review + create.**
12. Review the configuration and click **Create.**

<figure><img src="/files/NDScOpYWCnlv4FHJWSW4" alt="" width="563"><figcaption></figcaption></figure>

Azure will now start capturing Virtual Network flow logs.

***

#### Re-evaluate the check (Sprinto dashboard)

1. Log in to the **Sprinto dashboard.**
2. Navigate to **Monitoring.**

<figure><img src="/files/5lNqvbPDI0eEiZYfBETj" alt="" width="563"><figcaption></figcaption></figure>

1. Locate the Azure flow log–related check.
2. Open the check details page.
3. Click **Evaluate now.**

Sprinto fetches the updated configuration from Azure and updates the check status accordingly.

***

### Key notes

* Sprinto no longer relies on **Network Security Group flow logs.**
* Virtual Network flow logs automatically cover:
  * Subnets
  * Network interfaces
* If flow logs are enabled at:
  * The virtual network level **or**
  * All associated subnets or network interfaces\
    the check passes.
* **Retention days must be greater than 0.**
* After enabling flow logs, always re-run the check using **Evaluate now.**


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.sprinto.com/monitors/audit-logs-and-evidence-trails/how-to-resolve-sprinto-check-for-enabling-nsg-flow-logs-on-azure.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.