Should I enable diagnostics on an internal Load Balancer or NSG on the subnet to get info on IP Addresses that connect to an internal Load Balancer ?

Shridhar Srinivasan 215 Reputation points
2023-07-21T15:10:00.0633333+00:00

Should I enable diagnostics on an internal Load Balancer or NSG on the subnet to get info on IP Addresses that connect to an internal Load Balancer?


Accepted answer
  1. ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
    2023-07-22T00:52:01.53+00:00

    @Shridhar Srinivasan

    Thank you for reaching out.

    If I understand correctly, you wish to get information on the source IP address of the traffic going through your internal load balancer.

    I think going the NSG route will be a better option here as you will be able to enable NSG Flow logs. Network security groups flow logging is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through a network security group. You need to know the current state of the network, who's connecting, and where users are connecting from. You also need to know which ports are open to the internet, what network behavior is expected, what network behavior is irregular, and when sudden rises in traffic happen.

    Flow logs are the source of truth for all network activity in your cloud environment. Whether you're in a startup that's trying to optimize resources or a large enterprise that's trying to detect intrusion, flow logs can help. You can use them for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions, and more.

    [Addition]:

    Using Azure Load Balancer diagnostics, you cannot get the source IP address of the traffic going through an internal load balancer.

    Hope this helps! Please let me know if you have any additional questions. Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

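Once NSG flow logs are enabled, the question asked above (which source IPs connect to the load-balanced service) is answered by reading the flow tuples out of the log blobs. The following is an added example, not code from the answer or from Microsoft: it parses a constructed version-2 NSG flow log record and counts allowed inbound connection starts per source IP for a given destination address. The destination address to filter on is an assumption that depends on the load-balancing rule: the NSG records the backend NIC's private IP when the load balancer rewrites the destination, or the frontend IP when floating IP is enabled.

```python
import json
from collections import Counter

# Constructed NSG flow log record (version 2 schema); not real traffic.
# Tuple fields: time,srcIP,dstIP,srcPort,dstPort,proto,dir,decision,
#               state,packetsS2D,bytesS2D,packetsD2S,bytesD2S
SAMPLE_FLOW_LOG = json.dumps({"records": [{
    "time": "2023-07-21T15:00:00.0000000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [{
        "rule": "DefaultRule_AllowVnetInBound",
        "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1689951600,10.1.0.7,10.0.1.10,51000,443,T,I,A,B,,,,",
            "1689951601,10.1.0.7,10.0.1.10,51001,443,T,I,A,B,,,,",
            "1689951602,10.2.0.9,10.0.1.10,52000,443,T,I,A,E,12,3400,9,5000",
            "1689951603,10.1.0.7,10.0.1.10,51000,443,T,I,A,E,10,2000,8,4100",
            "1689951604,10.3.0.4,10.0.2.20,40000,22,T,I,D,B,,,,",
        ]}]}]}}]})


def parse_flow_tuples(raw_json):
    """Yield one dict per flow tuple found in an NSG flow log blob."""
    for record in json.loads(raw_json)["records"]:
        for rule_block in record["properties"]["flows"]:
            for nic_block in rule_block["flows"]:
                for tuple_str in nic_block["flowTuples"]:
                    f = tuple_str.split(",")
                    yield {
                        "src_ip": f[1], "dst_ip": f[2],
                        "dst_port": int(f[4]), "direction": f[6],
                        "decision": f[7], "state": f[8],
                        "rule": rule_block["rule"],
                    }


def sources_for_destination(raw_json, dest_ip, port=None):
    """Count allowed inbound connection starts per source IP for dest_ip.
    Only 'B' (begin) tuples are counted, so the 'C' (continue) and 'E'
    (end) tuples of a long-lived connection do not inflate the numbers."""
    counts = Counter()
    for flow in parse_flow_tuples(raw_json):
        if flow["dst_ip"] != dest_ip or flow["direction"] != "I":
            continue
        if flow["decision"] != "A" or flow["state"] != "B":
            continue
        if port is not None and flow["dst_port"] != port:
            continue
        counts[flow["src_ip"]] += 1
    return dict(counts)
```

Pointing the same function at a denied port (the 10.0.2.20:22 tuple in the sample) returns nothing, which is the expected result since only allowed flows are counted.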
