ExpressRoute Traffic Collector enables you to capture information about IP flows sent over ExpressRoute Direct circuits. You can enable flow log capture for both Private and Microsoft peering with ExpressRoute Traffic Collector. Captured flow log data is sent to a Log Analytics workspace, where you can create your own log queries for further analysis.
You can use flow logs for various network traffic analysis use cases. Some of the common use cases are:
- Network monitoring:
  - Near real-time visibility into network throughput and performance
  - Perform network diagnosis
  - Capacity forecasting
- Network usage and cost optimization:
  - Analyze traffic trends by filtering sampled flows by IP, port or by applications
  - Top talkers for a source IP, destination IP or applications
  - Optimize network traffic expenses by analyzing traffic trends
- Network forensics analysis:
  - Identify compromised IPs by analyzing all the associated network flows
  - Export flow logs to a SIEM tool of your choosing to monitor and correlate events
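The top-talkers and compromised-IP use cases above, as an added Python example that is not Microsoft's code: it ranks endpoints by sampled bytes and summarizes every flow that touches one IP under investigation. The record field names (`src`, `dst`, `dport`, `bytes`) and the sample flows are constructed assumptions, not the Traffic Collector log schema.

```python
from collections import Counter, defaultdict

# Constructed sample of exported flow records. Field names are assumptions
# made for this example, not the Log Analytics table schema.
FLOWS = [
    {"src": "10.1.0.4", "dst": "10.2.0.9",  "dport": 443,   "bytes": 1200},
    {"src": "10.1.0.4", "dst": "10.2.0.9",  "dport": 443,   "bytes": 800},
    {"src": "10.1.0.7", "dst": "10.2.0.9",  "dport": 22,    "bytes": 300},
    {"src": "10.1.0.4", "dst": "10.2.0.15", "dport": 3389,  "bytes": 5000},
    {"src": "10.2.0.9", "dst": "10.1.0.4",  "dport": 51000, "bytes": 400},
    {"src": "10.1.0.8", "dst": "10.2.0.20", "dport": 53,    "bytes": 100},
]


def top_talkers(flows, key="src", n=3):
    """Rank the values of `key` ("src" or "dst") by total bytes.

    Flows are sampled, so totals are relative weights, not exact volumes.
    """
    totals = Counter()
    for flow in flows:
        totals[flow[key]] += flow["bytes"]
    return totals.most_common(n)


def flows_for_ip(flows, ip):
    """Group every flow that has `ip` as source or destination.

    Returns {(peer, direction): {"flows", "bytes", "ports"}} so an analyst
    can see who the address talked to, in which direction, and on what ports.
    """
    peers = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set()})
    for flow in flows:
        if flow["src"] == ip:
            key = (flow["dst"], "out")
        elif flow["dst"] == ip:
            key = (flow["src"], "in")
        else:
            continue  # flow does not involve the address under investigation
        entry = peers[key]
        entry["flows"] += 1
        entry["bytes"] += flow["bytes"]
        entry["ports"].add(flow["dport"])
    return dict(peers)


if __name__ == "__main__":
    print(top_talkers(FLOWS, "src"))
    for (peer, direction), stats in flows_for_ip(FLOWS, "10.1.0.4").items():
        print(peer, direction, stats["flows"], stats["bytes"], sorted(stats["ports"]))
```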
Flow logs collected by ExpressRoute Traffic Collector do not affect network throughput or latency. You can enable or stop flow log collection without any risk to the network performance of an ExpressRoute Direct circuit.