You are here
Host Template: Cloud - Azure - Network Watcher - VM Security Rules
This host template is one of 31 developed by Opsview to provide the most comprehensive Azure monitoring in the industry.
Azure Network Watchers allow you to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. You can monitor communication between virtual machines and endpoints, and view the relationships between resources in a virtual network. Additionally, you can capture packets, troubleshoot and diagnose problems inside a virtual network.
This Host Template allows you to get information on the security rules present for a target VM.
This Host Template includes the following Service Checks:
Service Check Name | Description | Default Thresholds (Warning, Critical) | UOM |
---|---|---|---|
Azure - Network Watcher - VM Security Rules | Display the list of network security rules for a VM if there are fewer rules than the display maximum, otherwise display the number of rules. Returns a warning when the total rule count is NOT equal to the warning threshold [Default Timespan = 5mins, Default Check Interval = 5mins] | N/A | NA |
NOTE: The "Default Timespan" given for these Service Checks refers to the time period we use when retrieving metrics from Azure.
NOTE: See details about Nagios thresholds here.
Usage Instructions
To use this Host Template you will need to provide access to the subscription you wish to monitor
Navigate to the Subscriptions section and select your Subscription.
In the Subscription to be monitored, click Access Control (IAM).
Then click the Add button, select the required role and select the application, once for each of the following roles: * Reader * Network Contributor * Storage Account Contributor
Repeat these steps for each subscription you wish to monitor.
Step 1: Add this Host Template
Add the Cloud - Azure - Network Watcher - VM Security Rules Host Template to your Opsview Monitor host. If the resource you're monitoring has no hostname or public IP, then open the Advanced settings pane and change Host Check Command to Always assumed to be UP.
For more information, refer to Opsview Knowledge Center - Adding Host Templates to Hosts.
Step 2: Add and configure variables required for this Host Template
The Service Checks in this Host Template use the following variables, and they will be added to your Opsview Monitor instance when you import the Opspack:
AZURE_CREDENTIALS
The Value is not used and therefore can be set to anything. Override the arguments with your Azure Credentials.
Parameter | Position in Variable | Name | Description |
---|---|---|---|
--subscription-id | Arg1 | Subscription ID | The Subscription ID of your Azure Subscription |
--client-id | Arg2 | Client ID | The Client ID of your Azure Subscription |
--secret-key | Arg3 | Secret Key | The Secret Key of your Azure Subscription |
--tenant-id | Arg4 | Tenant ID | The Tenant ID of your Azure Subscription |
AZURE_NETWORK_WATCHER_DETAILS
The Value is not used and therefore can be set to anything. Override the arguments with your Azure Network Watcher Details.
Note that your Network Watchers will by default be located in the 'NetworkWatcherRG' Resource Group:
When Network Watchers are created, by default they are called 'NetworkWatcher_{region}' e.g. 'NetworkWatcher_uksouth'.
For more information, see Microsoft Azure - Create a Network Watcher.
Your Network Watcher names and Resource Group could differ if not created via the Portal, or moved manually, so ensure the arguments you provide are correct for the Network Watcher you want to monitor.
Parameter | Position in Variable | Name | Description |
---|---|---|---|
--network-watcher-group | Arg1 | Network Watcher Resource Group | Name of the Azure Network resource group to be monitored |
--network-watcher-name | Arg2 | Network Watcher Resource Name | Name of the Azure Network resource to be monitored |
--max-display-number | Arg3 | Maximum Display Number | The maximum number of list items to display for Network Watcher Service Checks |
AZURE_RESOURCE_DETAILS
The Value is not used and therefore can be set to anything. Override the arguments with your Azure Resource Details.
Parameter | Position in Variable | Name | Description |
---|---|---|---|
--resource-group | Arg1 | Resource Group | Name of the Azure resource group to be monitored |
--resource-name | Arg2 | Resource Name | Name of the Azure resource to be monitored |
For more information, refer to Opsview Knowledge Center - Adding Variables to Hosts.
For mode-specific help, run the plugin with the -h -m <mode>
flags. This will list the required and optional Variable Arguments for that mode. The appropriate mode for each Service Check is listed here:
Service Check Name | Mode |
---|---|
Azure - Network Watcher - VM Security Rules | Az.Network.Watcher.VM.Security.Rules |