# How to resolve Sprinto check for enabling Azure Virtual Network flow logs

### **About**

**Sprinto Check:** Azure virtual network flow logs should be captured

Sprinto verifies that Azure network traffic is logged to ensure visibility into ingress and egress activity for security monitoring and investigations.\
As Azure has deprecated **Network Security Group (NSG) flow logs**, Sprinto now evaluates **Virtual Network flow logs** directly.

This article explains how to enable Virtual Network flow logs in Azure and re-evaluate the check in Sprinto so the monitor passes successfully.

***

### Prerequisites

Before you begin, ensure that:

* You have **Contributor** or higher access in the Azure subscription
* **Network Watcher** is enabled in the Azure region
* At least one **Virtual Network**, **Subnet**, or **Network Interface** exists
* A **Storage Account** is available to store flow logs
* You have access to the **Sprinto dashboard**

***

### Procedure

#### Enable Virtual Network flow logs (Azure portal)

1. Sign in to the **Microsoft Azure portal.**
2. From the home page, select **Network Watcher.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F2QjYAOl9JRWx8pDw6uok%2Fimage%20(41).png?alt=media&#x26;token=8fdb2c2e-e92e-4102-8305-889db8e9558e" alt="" width="563"><figcaption></figcaption></figure>

3. In the left navigation, select **Flow logs.**
4. Click **Create.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FW8x480rdPAVPuxlZp8eG%2Fimage%20(42).png?alt=media&#x26;token=707168cd-ca8e-4480-ba75-09c52053658d" alt="" width="563"><figcaption></figcaption></figure>

5. Under **Project details,** select the required **Subscription.**
6. Under **Flow log type,** select **Virtual network.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FxtRMgRVrrLIVYoREPOYu%2Fimage%20(43).png?alt=media&#x26;token=41425258-2898-4f56-ad1c-3b8e872ac00b" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}
Network Security Group flow logs are deprecated and cannot be selected.
{% endhint %}

7. Click **Select target resource** and choose **Virtual network.**
8. Select one or more virtual networks and click **Confirm selection.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FBWyS6cXR0kBgnDXaaI0r%2Fimage%20(48).png?alt=media&#x26;token=01746837-b5aa-469a-8c9a-54e99563df62" alt="" width="563"><figcaption></figcaption></figure>

9. Under **Instance details,** select a **Storage account.**
10. Set **Retention (days)** to a value greater than 0.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FpYho8lZVr40BqYcLg6d5%2Fimage%20(46).png?alt=media&#x26;token=cd8db276-4461-4307-a7bf-f07fafc0f6a8" alt="" width="563"><figcaption></figcaption></figure>

11. Click **Review + create.**
12. Review the configuration and click **Create.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FjrpNHMUlsV11qd15kU02%2Fimage%20(49).png?alt=media&#x26;token=e662c51d-6948-44b2-90f4-ad5320825ae5" alt="" width="563"><figcaption></figcaption></figure>

Azure will now start capturing Virtual Network flow logs.

***

#### Re-evaluate the check (Sprinto dashboard)

1. Log in to the **Sprinto dashboard.**
2. Navigate to **Monitoring.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FJZWt2YA5vsdsMG0o1KEy%2FScreenshot%202026-01-07%20at%2016.34.47.png?alt=media&#x26;token=cbd9a19f-f0b3-447b-92eb-11398859fe90" alt="" width="563"><figcaption></figcaption></figure>

3. Locate the Azure flow log–related check.
4. Open the check details page.
5. Click **Evaluate now.**

Sprinto fetches the updated configuration from Azure and updates the check status accordingly.

***

### Key notes

* Sprinto no longer relies on **Network Security Group flow logs.**
* Virtual Network flow logs automatically cover:
  * Subnets
  * Network interfaces
* The check passes if flow logs are enabled at:
  * The virtual network level **or**
  * All associated subnets or network interfaces
* **Retention days must be greater than 0.**
* After enabling flow logs, always re-run the check using **Evaluate now.**
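
The pass conditions in the key notes above can be checked offline before running **Evaluate now**. The following is an added example, not Sprinto's own evaluation code. It assumes flow-log records carry the Azure flow log resource fields `targetResourceId`, `storageId`, `enabled` and `retentionPolicy.days`, that you supply an inventory of each virtual network's subnets and network interfaces, and that "all associated subnets or network interfaces" means every subnet, or every network interface, has its own compliant flow log. All resource IDs are constructed placeholders.

```python
# Added example: offline pre-check of the pass conditions in "Key notes".
# Assumed record fields are listed in the lead-in; all IDs are constructed placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
NET = SUB + "/providers/Microsoft.Network"

def compliant_targets(flow_logs):
    """Return lower-cased target IDs whose flow log is on, stored, and retained."""
    targets = set()
    for fl in flow_logs:
        days = (fl.get("retentionPolicy") or {}).get("days") or 0
        if fl.get("enabled") and fl.get("storageId") and days > 0:
            targets.add(fl["targetResourceId"].lower())
    return targets

def evaluate(inventory, flow_logs):
    """Map each VNet ID to (passed, reason) using the Key notes rules."""
    covered = compliant_targets(flow_logs)
    results = {}
    for vnet_id, children in inventory.items():
        subnets = [s.lower() for s in children.get("subnets", [])]
        nics = [n.lower() for n in children.get("nics", [])]
        if vnet_id.lower() in covered:  # Azure resource IDs are case-insensitive
            results[vnet_id] = (True, "virtual network level")
        elif subnets and all(s in covered for s in subnets):
            results[vnet_id] = (True, "all subnets")
        elif nics and all(n in covered for n in nics):
            results[vnet_id] = (True, "all network interfaces")
        else:
            results[vnet_id] = (False, "no compliant flow log covers this network")
    return results

def flow_log(target, days, enabled=True):  # builds a constructed sample record
    return {"targetResourceId": target, "enabled": enabled,
            "storageId": SUB + "/providers/Microsoft.Storage/storageAccounts/stdemo",
            "retentionPolicy": {"days": days, "enabled": days > 0}}

VNET_A, VNET_B, VNET_C = (NET + "/virtualNetworks/" + n for n in ("vnet-a", "vnet-b", "vnet-c"))
INVENTORY = {
    VNET_A: {"subnets": [VNET_A + "/subnets/app"]},
    VNET_B: {"subnets": [VNET_B + "/subnets/web", VNET_B + "/subnets/db"]},
    VNET_C: {"subnets": [VNET_C + "/subnets/ops"]},
}
FLOW_LOGS = [
    flow_log(VNET_A.upper(), 30),           # VNet-level, ID in a different case
    flow_log(VNET_B + "/subnets/web", 30),  # only one of two subnets covered
    flow_log(VNET_C, 0),                    # retention 0 does not count
]
if __name__ == "__main__":
    print(evaluate(INVENTORY, FLOW_LOGS))
```

On the sample data only `vnet-a` passes: `vnet-b` has one subnet without a flow log, and `vnet-c` has a flow log whose retention is 0.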
