Azure Network Watcher VM Security Rules

Requires Opsview Cloud or Opsview Monitor 6
Opsview Supported

Host Template: Cloud - Azure - Network Watcher - VM Security Rules

This host template is one of 31 developed by Opsview to provide the most comprehensive Azure monitoring in the industry.

Azure Network Watchers allow you to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. You can monitor communication between virtual machines and endpoints, and view the relationships between resources in a virtual network. Additionally, you can capture packets, troubleshoot and diagnose problems inside a virtual network.

This Host Template allows you to get information on the security rules present for a target VM.

This Host Template includes the following Service Checks:

| Service Check Name | Description | Default Thresholds (Warning, Critical) | UOM |
| --- | --- | --- | --- |
| Azure - Network Watcher - VM Security Rules | Display the list of network security rules for a VM if there are fewer rules than the display maximum, otherwise display the number of rules. Returns a warning when the total rule count is NOT equal to the warning threshold [Default Timespan = 5mins, Default Check Interval = 5mins] | N/A | NA |

NOTE: The "Default Timespan" given for these Service Checks refers to the time period we use when retrieving metrics from Azure.

NOTE: See details about Nagios thresholds here.
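
The behaviour described for this Service Check, sketched as an added example that is not Opsview's plugin code: rules are listed only when there are fewer of them than the display maximum, and a warning is returned when the rule count differs from the expected value. The function names, the rule dictionary keys and the sample rules are assumptions constructed for illustration.

```python
import sys

OK, WARNING = 0, 1  # Nagios plugin exit codes

# Constructed sample data; the dict keys are an assumed, simplified shape,
# not the format returned by Azure or used by the Opsview plugin.
SAMPLE_RULES = [
    {"name": "AllowSshFromBastion", "direction": "Inbound",
     "access": "Allow", "priority": 100},
    {"name": "AllowHttpsInbound", "direction": "Inbound",
     "access": "Allow", "priority": 110},
    {"name": "DenyAllOutbound", "direction": "Outbound",
     "access": "Deny", "priority": 4000},
]


def describe(rule):
    """One-line description of a single rule (hypothetical helper)."""
    return (f"{rule['name']} ({rule['direction']} {rule['access']}, "
            f"priority {rule['priority']})")


def check_vm_security_rules(rules, max_display, expected_count=None):
    """Return (exit_code, message) in Nagios plugin style.

    expected_count plays the role of the warning threshold: any other
    rule count is reported as WARNING. None means no threshold is set.
    """
    total = len(rules)
    summary = f"{total} security rules"
    # List the rules only when there are fewer than the display maximum;
    # at or above it, or with no rules at all, report the count alone.
    if 0 < total < max_display:
        ordered = sorted(rules, key=lambda r: (r["direction"], r["priority"]))
        summary += ": " + "; ".join(describe(r) for r in ordered)
    # A rule added or removed since the baseline changes the count.
    if expected_count is not None and total != expected_count:
        return WARNING, f"WARNING - {summary} (expected {expected_count})"
    return OK, f"OK - {summary}"


if __name__ == "__main__":
    code, message = check_vm_security_rules(
        SAMPLE_RULES, max_display=5, expected_count=3)
    print(message)
    sys.exit(code)
```

Because the comparison is on the count alone, replacing one rule with a different one leaves the result at OK; the listed rule names are what show such a change.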

Usage Instructions

To use this Host Template, you will need to provide access to the subscription you wish to monitor.

Navigate to the Subscriptions section and select your Subscription.

In the Subscription to be monitored, click Access Control (IAM).

Then click the Add button, select the required role and select the application, once for each of the following roles:

* Reader
* Network Contributor
* Storage Account Contributor

Repeat these steps for each subscription you wish to monitor.

Step 1: Add this Host Template

Add the Cloud - Azure - Network Watcher - VM Security Rules Host Template to your Opsview Monitor host. If the resource you're monitoring has no hostname or public IP, then open the Advanced settings pane and change Host Check Command to Always assumed to be UP.

For more information, refer to Opsview Knowledge Center - Adding Host Templates to Hosts.

Step 2: Add and configure variables required for this Host Template

The Service Checks in this Host Template use the following variables, and they will be added to your Opsview Monitor instance when you import the Opspack:

AZURE_CREDENTIALS

The Value is not used and therefore can be set to anything. Override the arguments with your Azure Credentials.

| Parameter | Position in Variable | Name | Description |
| --- | --- | --- | --- |
| --subscription-id | Arg1 | Subscription ID | The Subscription ID of your Azure Subscription |
| --client-id | Arg2 | Client ID | The Client ID of your Azure Subscription |
| --secret-key | Arg3 | Secret Key | The Secret Key of your Azure Subscription |
| --tenant-id | Arg4 | Tenant ID | The Tenant ID of your Azure Subscription |

AZURE_NETWORK_WATCHER_DETAILS

The Value is not used and therefore can be set to anything. Override the arguments with your Azure Network Watcher Details.

Note that your Network Watchers will, by default, be located in the 'NetworkWatcherRG' Resource Group.

When Network Watchers are created, by default they are called 'NetworkWatcher_{region}' e.g. 'NetworkWatcher_uksouth'.

For more information, see Microsoft Azure - Create a Network Watcher.

Your Network Watcher names and Resource Group could differ if not created via the Portal, or moved manually, so ensure the arguments you provide are correct for the Network Watcher you want to monitor.

| Parameter | Position in Variable | Name | Description |
| --- | --- | --- | --- |
| --network-watcher-group | Arg1 | Network Watcher Resource Group | Name of the Azure Network resource group to be monitored |
| --network-watcher-name | Arg2 | Network Watcher Resource Name | Name of the Azure Network resource to be monitored |
| --max-display-number | Arg3 | Maximum Display Number | The maximum number of list items to display for Network Watcher Service Checks |

AZURE_RESOURCE_DETAILS

The Value is not used and therefore can be set to anything. Override the arguments with your Azure Resource Details.

| Parameter | Position in Variable | Name | Description |
| --- | --- | --- | --- |
| --resource-group | Arg1 | Resource Group | Name of the Azure resource group to be monitored |
| --resource-name | Arg2 | Resource Name | Name of the Azure resource to be monitored |

For more information, refer to Opsview Knowledge Center - Adding Variables to Hosts.

For mode-specific help, run the plugin with the -h -m <mode> flags. This will list the required and optional Variable Arguments for that mode. The appropriate mode for each Service Check is listed here:

| Service Check Name | Mode |
| --- | --- |
| Azure - Network Watcher - VM Security Rules | Az.Network.Watcher.VM.Security.Rules |

Step 3: Apply changes and the system will now be monitored