diff --git a/src/core/saca-hub/main.tf b/src/core/saca-hub/main.tf
index 030013f69..0cf864f19 100644
--- a/src/core/saca-hub/main.tf
+++ b/src/core/saca-hub/main.tf
@@ -66,15 +66,3 @@ module "saca-firewall" {
 DeploymentName = var.deploymentname
 }
 }
-
-module "saca-networkwatcher" {
- count = var.create_network_watcher == true ? 1 : 0
- source = "../../modules/networkwatcher"
-
- name_prefix = module.saca-hub-network.resource_group_name
- location = module.saca-hub-network.resource_group_location
-
- tags = {
- DeploymentName = var.deploymentname
- }
-}
diff --git a/src/core/saca-hub/saca-hub.tfvars.sample b/src/core/saca-hub/saca-hub.tfvars.sample
index 92d4a53aa..e3be19f9a 100644
--- a/src/core/saca-hub/saca-hub.tfvars.sample
+++ b/src/core/saca-hub/saca-hub.tfvars.sample
@@ -24,6 +24,4 @@ tier2_vnetname = "{TIER2_VNETNAME}"
 firewall_address_space = "{SACA_FWSPACE}"
 saca_fwname = "{SACA_FWNAME}"
 firewall_ipconfig_name = "{SACA_FWIPCONFIGNAME}"
-public_ip_name = "{SACA_FWPIPNAME}"
-
-create_network_watcher = false
+public_ip_name = "{SACA_FWPIPNAME}"
\ No newline at end of file
diff --git a/src/core/tier-0/main.tf b/src/core/tier-0/main.tf
index 201c7e2a2..13e0435b0 100644
--- a/src/core/tier-0/main.tf
+++ b/src/core/tier-0/main.tf
@@ -117,15 +117,3 @@ module "t0-outbound-peering" {
 DeploymentName = var.deploymentname
 }
 }
-
-module "t0-networkwatcher" {
- count = var.create_network_watcher == true ? 1 : 0
- source = "../../modules/networkwatcher"
-
- name_prefix = module.t0-network.resource_group_name
- location = module.t0-network.resource_group_location
-
- tags = {
- DeploymentName = var.deploymentname
- }
-}
diff --git a/src/core/tier-0/tier-0.tfvars.sample b/src/core/tier-0/tier-0.tfvars.sample
index a101625a9..2d36aff38 100644
--- a/src/core/tier-0/tier-0.tfvars.sample
+++ b/src/core/tier-0/tier-0.tfvars.sample
@@ -57,6 +57,4 @@ subnets = {
 routetable_name = "{TIER0_SUBNETVM_RTNAME}"
 }
-}
-
-create_network_watcher = false
+}
\ No newline at end of file
diff --git a/src/core/tier-1/main.tf b/src/core/tier-1/main.tf
index 08b34dd8e..49e0c4e99 100644
--- a/src/core/tier-1/main.tf
+++ b/src/core/tier-1/main.tf
@@ -117,15 +117,3 @@ module "t1-outbound-peering" {
 DeploymentName = var.deploymentname
 }
 }
-
-module "t1-networkwatcher" {
- count = var.create_network_watcher == true ? 1 : 0
- source = "../../modules/networkwatcher"
-
- name_prefix = module.t1-network.resource_group_name
- location = module.t1-network.resource_group_location
-
- tags = {
- DeploymentName = var.deploymentname
- }
-}
diff --git a/src/core/tier-1/tier-1.tfvars.sample b/src/core/tier-1/tier-1.tfvars.sample
index a8fb5bd75..4ecd0cbdd 100644
--- a/src/core/tier-1/tier-1.tfvars.sample
+++ b/src/core/tier-1/tier-1.tfvars.sample
@@ -57,6 +57,4 @@ subnets = {
 routetable_name = "{TIER1_SUBNETVM_RTNAME}"
 }
-}
-
-create_network_watcher = false
+}
\ No newline at end of file
diff --git a/src/core/tier-2/main.tf b/src/core/tier-2/main.tf
index be08aa997..1b5d8b36c 100644
--- a/src/core/tier-2/main.tf
+++ b/src/core/tier-2/main.tf
@@ -117,15 +117,3 @@ module "t2-outbound-peering" {
 DeploymentName = var.deploymentname
 }
 }
-
-module "t2-networkwatcher" {
- count = var.create_network_watcher == true ? 1 : 0
- source = "../../modules/networkwatcher"
-
- name_prefix = module.t2-network.resource_group_name
- location = module.t2-network.resource_group_location
-
- tags = {
- DeploymentName = var.deploymentname
- }
-}
diff --git a/src/core/tier-2/tier-2.tfvars.sample b/src/core/tier-2/tier-2.tfvars.sample
index 976c59328..d5817db2f 100644
--- a/src/core/tier-2/tier-2.tfvars.sample
+++ b/src/core/tier-2/tier-2.tfvars.sample
@@ -57,6 +57,4 @@ subnets = {
 routetable_name = "{TIER2_SUBNETVM_RTNAME}"
 }
-}
-
-create_network_watcher = false
+}
\ No newline at end of file
diff --git a/src/modules/networkwatcher/main.tf b/src/modules/networkwatcher/main.tf
deleted file mode 100644
index 40e92ffd9..000000000
--- a/src/modules/networkwatcher/main.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-resource "azurerm_resource_group" "networkwatcher" {
- name = "${var.name_prefix}-networkwatcher-rg"
- location = var.location
- tags = var.tags
-}
-
-resource "azurerm_network_watcher" "networkwatcher" {
- name = "${var.name_prefix}-networkwatcher"
- location = azurerm_resource_group.networkwatcher.location
- resource_group_name = azurerm_resource_group.networkwatcher.name
- tags = var.tags
-}
diff --git a/src/modules/networkwatcher/output.tf b/src/modules/networkwatcher/output.tf
deleted file mode 100644
index 59e481eb9..000000000
--- a/src/modules/networkwatcher/output.tf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
diff --git a/src/modules/networkwatcher/variables.tf b/src/modules/networkwatcher/variables.tf
deleted file mode 100644
index 01da14d08..000000000
--- a/src/modules/networkwatcher/variables.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT License.
-variable name_prefix {
- description = "A prefix for naming network watcher resources"
- type = string
-}
-
-variable location {
- description = "Location for network watcher resources (only one Azure Network Watcher per-sub-per-region)"
- type = string
-}
-
-variable "tags" {
- description = "A map of tags to add to all resources"
- type = map(string)
- default = {}
-}
diff --git a/src/modules/subnet/main.tf b/src/modules/subnet/main.tf
index 99c519bb6..326d848de 100644
--- a/src/modules/subnet/main.tf
+++ b/src/modules/subnet/main.tf
@@ -1,5 +1,6 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
+
 resource "azurerm_subnet" "subnet" {
 name = var.name
 resource_group_name = var.resource_group_name
@@ -84,3 +85,17 @@ resource "azurerm_monitor_diagnostic_setting" "nsg" {
 }
 }
 }
+
+resource "azurerm_network_watcher_flow_log" "nsgfl" {
+ network_watcher_name = "NetworkWatcher_${var.location}"
+ resource_group_name = "NetworkWatcherRG"
+
+ network_security_group_id = azurerm_network_security_group.nsg.id
+ storage_account_id = var.log_analytics_storage_id
+ enabled = true
+
+ retention_policy {
+ enabled = true
+ days = var.flow_log_retention_in_days
+ }
+}
diff --git a/src/modules/subnet/variables.tf b/src/modules/subnet/variables.tf
index a2bce8a74..98d13de12 100644
--- a/src/modules/subnet/variables.tf
+++ b/src/modules/subnet/variables.tf
@@ -70,3 +70,8 @@ variable "log_analytics_storage_id" {
 variable "log_analytics_workspace_id" {
 description = "The id of the log analytics workspace"
 }
+
+variable "flow_log_retention_in_days" {
+ description = "The number of days to retain flow log data"
+ default = "7"
+}
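Review bot: The new `azurerm_network_watcher_flow_log` in the subnet module hard-codes `network_watcher_name = "NetworkWatcher_${var.location}"` and `resource_group_name = "NetworkWatcherRG"`, i.e. the watcher Azure auto-provisions per region, while this same commit deletes the module that created one explicitly; in a subscription where that auto-provisioning is disabled or the watcher was placed elsewhere, the apply fails with a not-found error and no NSG flow logs are produced, which quietly drops the network telemetry this resource is meant to add. Consider lifting both names into module variables (with these two values as defaults) or resolving the watcher through a data source so the dependency is visible in the plan, and add a comment that `var.location` must be the short region name the auto-created watcher is named after, e.g. `# Relies on the subscription's auto-provisioned Network Watcher ("NetworkWatcher_<region>" in "NetworkWatcherRG")`. The module already receives `var.log_analytics_workspace_id`, but nothing in the hunk wires it into the flow log (no `traffic_analytics` block), so flow data lands only in the storage account; if that is intended, say so in a comment, and note that the storage account given by `var.log_analytics_storage_id` presumably has to be in the same region as the NSG for the flow log to be accepted — worth confirming against the callers.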
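Review bot: `variable "flow_log_retention_in_days"` is declared without a `type` and with the string default `"7"`, while it feeds the numeric `retention_policy.days` in the subnet module's flow log; Terraform coerces the string, but a non-numeric tfvars value would only surface at apply time rather than being rejected at plan. Declare it as `type = number` and `default = 7`, and since seven days is a short window for investigating an incident, extend the description so callers know this is a floor to raise rather than a recommended value, e.g. `description = "Number of days NSG flow logs are retained in the storage account (default 7; raise to match the deployment's investigation/retention policy)"`.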