Manage Network Watcher Agent virtual machine extension for Linux

Article
08/13/2024

The Network Watcher Agent virtual machine extension is a requirement for some of Azure Network Watcher features that capture network traffic to diagnose and monitor Azure virtual machines (VMs). For more information, see What is Azure Network Watcher?

In this article, you learn how to install and uninstall Network Watcher Agent for Linux. Installation of the agent doesn't disrupt, or require a reboot of the virtual machine. If the virtual machine is deployed by an Azure service, check the documentation of the service to determine whether or not it permits installing extensions in the virtual machine.

Note

Network Watcher Agent extension is not supported on AKS clusters.

Prerequisites

An Azure Linux virtual machine (VM). For more information, see Supported Linux distributions and versions.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.

An Azure Linux virtual machine (VM). For more information, see Supported Linux distributions and versions.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Azure PowerShell.

You can install Azure PowerShell locally to run the cmdlets. If you run PowerShell locally, sign in to Azure using the Connect-AzAccount cmdlet.

An Azure Linux virtual machine (VM). For more information, see Supported Linux distributions and versions.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Azure CLI.

You can install Azure CLI locally to run the commands. If you run Azure CLI locally, sign in to Azure using the az login command.

An Azure Linux virtual machine (VM). For more information, see Supported Linux distributions and versions.
Outbound TCP connectivity to 169.254.169.254 over port 80 and 168.63.129.16 over port 8037. The agent uses these IP addresses to communicate with the Azure platform.
Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see Packet capture overview.
Azure PowerShell or Azure CLI installed locally to deploy the template.
- You can install Azure PowerShell to run the cmdlets. Use Connect-AzAccount cmdlet to sign in to Azure.
- You can install Azure CLI to run the commands. Use az login command to sign in to Azure.

Supported operating systems

Network Watcher Agent extension for Linux can be installed on the following Linux distributions:

Distribution	Version
AlmaLinux	9.2
Azure Linux	2.0
CentOS ¹	6.10 and 7
Debian	7 and 8
OpenSUSE Leap	42.3+
SUSE Linux Enterprise Server (SLES)	12 and 15 (SP2, SP3, and SP4)
Ubuntu	16+

¹ CentOS Linux reached its end-of-life (EOL) on June 30, 2024. For more information, see the CentOS End Of Life guidance.

Extension schema

The following JSON shows the schema for the Network Watcher Agent extension. The extension doesn't require, or support, any user-supplied settings. The extension relies on its default configuration.

{
    "name": "[concat(parameters('vmName'), '/AzureNetworkWatcherExtension')]",
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "apiVersion": "2023-03-01",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "autoUpgradeMinorVersion": true,
        "publisher": "Microsoft.Azure.NetworkWatcher",
        "type": "NetworkWatcherAgentLinux",
        "typeHandlerVersion": "1.4"
    }
}

List installed extensions

From the virtual machine page in the Azure portal, you can view the installed extension by following these steps:

Under Settings, select Extensions + applications.
In the Extensions tab, you can see all installed extensions on the virtual machine. If the list is long, you can use the search box to filter the list.

Use Get-AzVMExtension cmdlet to list all installed extensions on the virtual machine:

# List the installed extensions on the virtual machine.
Get-AzVMExtension -ResourceGroupName 'myResourceGroup' -VMName 'myVM' | format-table Name, Publisher, ExtensionType, AutoUpgradeMinorVersion, EnableAutomaticUpgrade

The output of the cmdlet lists the installed extensions:

Name                         Publisher                      ExtensionType            AutoUpgradeMinorVersion EnableAutomaticUpgrade
----                         ---------                      -------------            ----------------------- ----------------------
AzureNetworkWatcherExtension Microsoft.Azure.NetworkWatcher NetworkWatcherAgentLinux                    True                   True

Use az vm extension list command to list all installed extensions on the virtual machine:

# List the installed extensions on the virtual machine.
az vm extension list --resource-group 'myResourceGroup' --vm-name 'myVM' --out table

The output of the command lists the installed extensions:

Name                          ProvisioningState    Publisher                       Version    AutoUpgradeMinorVersion
----------------------------  -------------------  ------------------------------  ---------  -------------------------
AzureNetworkWatcherExtension  Succeeded            Microsoft.Azure.NetworkWatcher  1.4        True

Install Network Watcher Agent VM extension

From the virtual machine page in the Azure portal, you can install the Network Watcher Agent VM extension by following these steps:

Under Settings, select Extensions + applications.
Select + Add and search for Network Watcher Agent and install it. If the extension is already installed, you can see it in the list of extensions.
In the search box of Install an Extension, enter Network Watcher Agent for Linux. Select the extension from the list and select Next.
Select Review + create and then select Create.

Use Set-AzVMExtension cmdlet to install Network Watcher Agent VM extension on the virtual machine:

# Install Network Watcher Agent for Linux on the virtual machine.
Set-AzVMExtension -Name 'AzureNetworkWatcherExtension' -Publisher 'Microsoft.Azure.NetworkWatcher' -ExtensionType 'NetworkWatcherAgentLinux' -EnableAutomaticUpgrade 1 -TypeHandlerVersion '1.4' -ResourceGroupName 'myResourceGroup' -VMName 'myVM'

Once the installation is successfully completed, you see the following output:

RequestId IsSuccessStatusCode StatusCode ReasonPhrase
--------- ------------------- ---------- ------------
                         True         OK

Use az vm extension set command to install Network Watcher Agent VM extension on the virtual machine:

# Install Network Watcher Agent for Windows on the virtual machine.
az vm extension set --name 'NetworkWatcherAgentLinux' --extension-instance-name 'AzureNetworkWatcherExtension' --publisher 'Microsoft.Azure.NetworkWatcher' --enable-auto-upgrade 'true' --version '1.4' --resource-group 'myResourceGroup' --vm-name 'myVM'

Use the following Azure Resource Manager template (ARM template) to install Network Watcher Agent VM extension on a Linux virtual machine:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vmName": {
                "type": "string"
            }
    },
    "variables": {},
    "resources": [
        {
                "name": "[parameters('vmName')]",
                "type": "Microsoft.Compute/virtualMachines",
                "apiVersion": "2023-03-01",
                "location": "[resourceGroup().location]",
                "properties": {
                }
            },
            {
                "name": "[concat(parameters('vmName'), '/AzureNetworkWatcherExtension')]",
                "type": "Microsoft.Compute/virtualMachines/extensions",
                "apiVersion": "2023-03-01",
                "location": "[resourceGroup().location]",
                "dependsOn": [
                    "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
                ],
                "properties": {
                    "autoUpgradeMinorVersion": true,
                    "publisher": "Microsoft.Azure.NetworkWatcher",
                    "type": "NetworkWatcherAgentLinux",
                    "typeHandlerVersion": "1.4"
                }
            }
    ],
    "outputs": {}
}

You can use either Azure PowerShell or Azure CLI to deploy the Resource Manager template:

# Deploy the JSON template file using Azure PowerShell.
New-AzResourceGroupDeployment -ResourceGroupName 'myResourceGroup' -TemplateFile 'agent.json'

# Deploy the JSON template file using the Azure CLI.
az deployment group create --resource-group 'myResourceGroup' --template-file 'agent.json'

Uninstall Network Watcher Agent VM extension

From the virtual machine page in the Azure portal, you can uninstall the Network Watcher Agent VM extension by following these steps:

Under Settings, select Extensions + applications.
Select AzureNetworkWatcherExtension from the list of extensions, and then select Uninstall.

Note

You might see Network Watcher Agent VM extension named differently than AzureNetworkWatcherExtension.

Use Remove-AzVMExtension cmdlet to remove Network Watcher Agent VM extension from the virtual machine:

# Uninstall Network Watcher Agent VM extension.
Remove-AzureVMExtension -Name 'AzureNetworkWatcherExtension' -ResourceGroupName 'myResourceGroup' -VMName 'myVM'

Use az vm extension delete command to remove Network Watcher Agent VM extension from the virtual machine:

# Uninstall Network Watcher Agent VM extension.
az vm extension delete --name 'AzureNetworkWatcherExtension' --resource-group 'myResourceGroup' --vm-name 'myVM'

Frequently asked questions (FAQ)

To get answers to most frequently asked questions about Network Watcher Agent, see Network Watcher Agent FAQ.