About VM Monitoring on Azure

Learn how the VM Monitoring solution helps you monitor assets in your Azure deployment.
As you deploy or terminate virtual machines in the Azure public cloud, you can use the VM Monitoring solution for Azure to consistently enforce security policy rules on these workloads.
The VM Monitoring solution on Azure uses a VM Monitoring script that runs on a virtual machine in the Azure public cloud environment. The operating system of the virtual machine that the script runs on must be Red Hat Enterprise Linux (RHEL) 7.4 with Python version 2.7.5. The script collects the IP address-to-tag mappings for all your Azure assets and uses the Azure and PAN-OS APIs to register the VM information (the IP address-to-tag mappings) on the firewalls you specify. You can specify one or more virtual systems on the firewall to which you want to register the VM information.
The solution, which is posted on GitHub, is released under the official support policy of Palo Alto Networks through the support options that you've purchased. The GitHub repository includes two files:
  • Parameters file—The parameters file is named parameters.json. This file allows you to specify details on your Azure subscription, how to authenticate to it, which Azure resources to monitor, and to which firewalls you want to publish the IP address to tag mapping information that the script collects.
  • VM Monitoring script—The VM Monitoring script uses Python and is named run.py. This script collects the IP address-to-tag mapping information for the Azure deployment that you want to monitor and pushes the information to the specified firewalls using the PAN-OS API. The script registers new IP address-to-tag mappings on the firewalls, and unregisters from the firewalls the IP addresses and tags that are deprovisioned in your Azure deployment. To prevent overwriting the VM information, make sure that a virtual system receives IP address and tag information from one instance of the script only.
    You must use the management interface on the firewall to communicate with the virtual machine (RHEL instance) that runs the script.
    The script generates two sets of log files. The audit log includes all messages, including the API calls and the responses. The error log includes error messages only. The log files require about 30 GB on the hard disk of the virtual machine. The log file is rotated at 1 GB, and a maximum of 30 log files are stored on disk. If you want persistent log storage, make sure to export or archive the log files to an external location.
You can deploy one or more instances of the virtual machine (RHEL instance) to run the VM Monitoring script that monitors your Azure subscription. Because the script is designed to execute as a cron task, the script executes only when it detects that the process isn’t already running. Therefore, a new cron task does not execute when one is running, and you cannot have multiple instances of the VM Monitoring script run on a single virtual machine (RHEL instance).
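
The register/unregister behavior and the one-instance-per-virtual-system rule described above can be seen in a small simulation. This is an added example, not the run.py from the GitHub repository; it assumes that an instance unregisters any IP address and tag pair on its target virtual system that is absent from the Azure resources it monitors, and the function names and sample addresses are constructed for illustration.

```python
# Added illustration, not the run.py from the GitHub repository.
# Assumption: an instance unregisters any IP/tag pair on its target virtual
# system that is absent from the Azure resources it monitors.

def reconcile(azure_view, registered):
    """Diff two {ip: set(tags)} mappings -> (to_register, to_unregister)."""
    to_register = {}
    to_unregister = {}
    for ip, tags in azure_view.items():
        new = set(tags) - registered.get(ip, set())
        if new:
            to_register[ip] = new
    for ip, tags in registered.items():
        gone = set(tags) - azure_view.get(ip, set())
        if gone:
            to_unregister[ip] = gone
    return to_register, to_unregister


def run_pass(azure_view, vsys_state):
    """One cron pass: return the virtual system's mapping after the push."""
    to_register, to_unregister = reconcile(azure_view, vsys_state)
    state = {ip: set(tags) for ip, tags in vsys_state.items()}
    for ip, tags in to_register.items():
        state.setdefault(ip, set()).update(tags)
    for ip, tags in to_unregister.items():
        state[ip] -= tags
        if not state[ip]:
            del state[ip]  # VM deprovisioned: no tags left for this IP
    return state


# Constructed sample data: two script instances monitoring different resources.
INSTANCE_A = {"10.0.1.4": {"web", "prod"}, "10.0.1.5": {"web", "prod"}}
INSTANCE_B = {"10.0.2.4": {"db", "prod"}}


def shared_vsys():
    """Both instances publish to the same virtual system, A first, then B."""
    return run_pass(INSTANCE_B, run_pass(INSTANCE_A, {}))


def separate_vsys():
    """Each instance publishes to its own virtual system."""
    return run_pass(INSTANCE_A, {}), run_pass(INSTANCE_B, {})


if __name__ == "__main__":
    print("shared:  ", shared_vsys())    # A's web entries are gone
    print("separate:", separate_vsys())
```

With a shared virtual system, the second instance removes the first instance's entries, so any security policy rule that matches on those tags stops applying to the affected workloads until the first instance runs again.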
