Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-17-2023 06:29 AM - edited 03-17-2023 06:29 AM
Hi Folks,
I'm looking to setup some alerts in Azure based of the PAN-OS custom metrics which are published to Application Insights.
First - Does anyone know if the values published represent a point in time when the metrics are posted or an average since the last post?
Second - It looks to me like the only identifier for the firewall that generated the log entry is customDimensions.InstanceId. This instance Id seems to be a unique ID set in deep in the VMs BIOS, does anybody know how to tie that back to a specific VMid or Name?
Cheers
06-27-2023 03:39 AM
If this helps anyone else:
Does anyone know if the values published represent a point in time when the metrics are posted or an average since the last post?
TAC have confirmed its a point in time measurement when the metrics are posted to app insight.
It looks to me like the only identifier for the firewall that generated the log entry is customDimensions.InstanceId. This instance Id seems to be a unique ID set in deep in the VMs BIOS, does anybody know how to tie that back to a specific VMid or Name?
TAC were pretty useless in answering this...Their SME said to contact Azure for an answer and that it was not a value populated by the plugin. - which is just not true.
From what I can tell the value comes from
show system state | match cfg.platform.instance-id
and would appear to represent (https://azure.microsoft.com/en-us/blog/accessing-and-using-azure-vm-unique-id/) - but that is just a guess as I can't interrogate the BIOS to confirm.
So it's a pretty poor identifier to include in the metrics.
06-27-2023 03:39 AM
If this helps anyone else:
Does anyone know if the values published represent a point in time when the metrics are posted or an average since the last post?
TAC have confirmed its a point in time measurement when the metrics are posted to app insight.
It looks to me like the only identifier for the firewall that generated the log entry is customDimensions.InstanceId. This instance Id seems to be a unique ID set in deep in the VMs BIOS, does anybody know how to tie that back to a specific VMid or Name?
TAC were pretty useless in answering this...Their SME said to contact Azure for an answer and that it was not a value populated by the plugin. - which is just not true.
From what I can tell the value comes from
show system state | match cfg.platform.instance-id
and would appear to represent (https://azure.microsoft.com/en-us/blog/accessing-and-using-azure-vm-unique-id/) - but that is just a guess as I can't interrogate the BIOS to confirm.
So it's a pretty poor identifier to include in the metrics.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
