MicrosoftDocs
diff --git a/‎articles/virtual-machines/extensions/media/network-watcher/install-extension-linux.png
47 KB b/‎articles/virtual-machines/extensions/media/network-watcher/install-extension-linux.png
47 KB
diff --git a/‎articles/virtual-machines/extensions/media/network-watcher/uninstall-extension-linux.png
48.1 KB b/‎articles/virtual-machines/extensions/media/network-watcher/uninstall-extension-linux.png
48.1 KB
diff --git a/‎articles/virtual-machines/extensions/network-watcher-linux.md
Lines changed: 200 additions & 16 deletions b/‎articles/virtual-machines/extensions/network-watcher-linux.md
Lines changed: 200 additions & 16 deletions
@@ -9,16 +9,18 @@ ms.topic: how-to
 ms.collection: linux
 ms.date: 03/31/2024
 ms.custom: devx-track-azurepowershell, devx-track-azurecli, devx-track-arm-template, linux-related-content
+
+#CustomerIntent: As an Azure administrator, I want to learn about Network Watcher Agent VM extension so that I can use Network watcher features to diagnose and monitor my Linux virtual machines (VMs).
 ---
 
 # Manage Network Watcher Agent virtual machine extension for Linux
 
 > [!CAUTION]
 > This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).
 
-[Azure Network Watcher](../../network-watcher/network-watcher-monitoring-overview.md) is a network performance monitoring, diagnostic, and analytics service that allows monitoring for Azure networks. The Network Watcher Agent virtual machine extension is a requirement for some of the Network Watcher features on Azure virtual machines (VMs), such as capturing network traffic on demand, and other advanced functionality.
+The Network Watcher Agent virtual machine extension is a requirement for some of Azure Network Watcher features that capture network traffic to diagnose and monitor Azure virtual machines (VMs). For more information, see [What is Azure Network Watcher?](../../network-watcher/network-watcher-overview.md)
 
-In this article, you learn about the supported platforms and deployment options for the Network Watcher Agent VM extension for Linux. Installation of the agent doesn't disrupt, or require a reboot of the virtual machine. You can install the extension on virtual machines that you deploy. If the virtual machine is deployed by an Azure service, check the documentation for the service to determine whether or not it permits installing extensions in the virtual machine.
+In this article, you learn how to install and uninstall Network Watcher Agent for Linux. Installation of the agent doesn't disrupt, or require a reboot of the virtual machine. If the virtual machine is deployed by an Azure service, check the documentation of the service to determine whether or not it permits installing extensions in the virtual machine.
 
 > [!NOTE]
 > Network Watcher Agent extension is not supported on AKS clusters.
@@ -29,13 +31,17 @@ In this article, you learn about the supported platforms and deployment options
 
 - An Azure Linux virtual machine (VM). For more information, see [Supported operating systems](#supported-operating-systems).
 
-- Internet connectivity: some of the Network Watcher Agent functionality requires that the virtual machine is connected to the internet. For example, without the ability to establish outgoing connections, the Network Watcher Agent can't upload packet captures to your storage account. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
+- Outbound TCP connectivity to `169.254.169.254` over `port 80` and `168.63.129.16` over `port 8037`. The agent uses these IP addresses to communicate with the Azure platform. 
+
+- Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
 
 # [**PowerShell**](#tab/powershell)
 
 - An Azure Linux virtual machine (VM). For more information, see [Supported operating systems](#supported-operating-systems).
 
-- Internet connectivity: some of the Network Watcher Agent functionality requires that the virtual machine is connected to the internet. For example, without the ability to establish outgoing connections, the Network Watcher Agent can't upload packet captures to your storage account. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
+- Outbound TCP connectivity to `169.254.169.254` over `port 80` and `168.63.129.16` over `port 8037`. The agent uses these IP addresses to communicate with the Azure platform. 
+
+- Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
 
 - Azure Cloud Shell or Azure PowerShell.
 
@@ -47,7 +53,9 @@ In this article, you learn about the supported platforms and deployment options
 
 - An Azure Linux virtual machine (VM). For more information, see [Supported operating systems](#supported-operating-systems).
 
-- Internet connectivity: some of the Network Watcher Agent functionality requires that the virtual machine is connected to the internet. For example, without the ability to establish outgoing connections, the Network Watcher Agent can't upload packet captures to your storage account. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
+- Outbound TCP connectivity to `169.254.169.254` over `port 80` and `168.63.129.16` over `port 8037`. The agent uses these IP addresses to communicate with the Azure platform. 
+
+- Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
 
 - Azure Cloud Shell or Azure CLI.
 
@@ -59,7 +67,9 @@ In this article, you learn about the supported platforms and deployment options
 
 - An Azure Linux virtual machine (VM). For more information, see [Supported operating systems](#supported-operating-systems).
 
-- Internet connectivity: some of the Network Watcher Agent functionality requires that the virtual machine is connected to the internet. For example, without the ability to establish outgoing connections, the Network Watcher Agent can't upload packet captures to your storage account. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
+- Outbound TCP connectivity to `169.254.169.254` over `port 80` and `168.63.129.16` over `port 8037`. The agent uses these IP addresses to communicate with the Azure platform. 
+
+- Internet connectivity: Network Watcher Agent requires internet connectivity for some features to properly work. For example, it requires connectivity to your storage account to upload packet captures. For more information, see [Packet capture overview](../../network-watcher/packet-capture-overview.md).
 
 - Azure PowerShell or Azure CLI installed locally to deploy the template. 
 
@@ -83,7 +93,7 @@ Network Watcher Agent extension for Linux can be installed on the following Linu
 | Oracle Linux | 6.10, 7 and 8+ |
 | Red Hat Enterprise Linux (RHEL) | 6.10, 7, 8 and 9.2 |
 | Rocky Linux | 9.1 |
-| SUSE Linux Enterprise Server (SLES) | 12 and 15 (SP2, SP3 and SP4) |
+| SUSE Linux Enterprise Server (SLES) | 12 and 15 (SP2, SP3, and SP4) |
 | Ubuntu | 16+ |
 
 > [!NOTE]
@@ -112,28 +122,202 @@ The following JSON shows the schema for the Network Watcher Agent extension. The
 }
 ```
 
-## Template deployment
+## List installed extensions
+
+# [**Portal**](#tab/portal)
+
+From the virtual machine page in the Azure portal, you can view the installed extension by following these steps:
+
+1. Under **Settings**, select **Extensions + applications**.
+
+1. In the **Extensions** tab, you can see all installed extensions on the virtual machine. If the list is long, you can use the search box to filter the list.
+
+    :::image type="content" source="./media/network-watcher/list-vm-extensions.png" alt-text="Screenshot that shows how to view installed extensions on a VM in the Azure portal." lightbox="./media/network-watcher/list-vm-extensions.png":::
+
+# [**PowerShell**](#tab/powershell)
+
+Use [Get-AzVMExtension](/powershell/module/az.compute/get-azvmextension) cmdlet to list all installed extensions on the virtual machine:
+
+```azurepowershell-interactive
+# List the installed extensions on the virtual machine.
+Get-AzVMExtension -ResourceGroupName 'myResourceGroup' -VMName 'myVM' | format-table Name, Publisher, ExtensionType, EnableAutomaticUpgrade
+```
+
+The output of the cmdlet lists the installed extensions:
 
-You can deploy Azure VM extensions with an Azure Resource Manager template (ARM template) using the previous JSON [schema](#extension-schema).
+```output
+Name                         Publisher                      ExtensionType            AutoUpgradeMinorVersion EnableAutomaticUpgrade
+----                         ---------                      -------------            ----------------------- ----------------------
+AzureNetworkWatcherExtension Microsoft.Azure.NetworkWatcher NetworkWatcherAgentLinux                    True                   True
+```
 
-## Azure CLI deployment
+# [**Azure CLI**](#tab/cli)
 
-The following example deploys the Network Watcher Agent VM extension to an existing VM deployed through Resource Manager:
+Use [az vm extension list](/cli/azure/vm/extension#az-vm-extension-list) command to list all installed extensions on the virtual machine:
 
 ```azurecli
-az vm extension set --resource-group myResourceGroup1 --vm-name myVM1 --name NetworkWatcherAgentLinux --publisher Microsoft.Azure.NetworkWatcher --version 1.4
+# List the installed extensions on the virtual machine.
+az vm extension list --resource-group 'myResourceGroup' --vm-name 'myVM' --out table
+```
+
+The output of the command lists the installed extensions:
+
+```output
+Name                          ProvisioningState    Publisher                       Version    AutoUpgradeMinorVersion
+----------------------------  -------------------  ------------------------------  ---------  -------------------------
+AzureNetworkWatcherExtension  Succeeded            Microsoft.Azure.NetworkWatcher  1.4        True
 ```
 
-## Troubleshooting
+# [**Resource Manager**](#tab/arm)
+
+N/A
+
+---
+
+## Install Network Watcher Agent VM extension
+
+# [**Portal**](#tab/portal)
+
+From the virtual machine page in the Azure portal, you can install the Network Watcher Agent VM extension by following these steps:
+
+1. Under **Settings**, select **Extensions + applications**.
+
+1. Select **+ Add** and search for **Network Watcher Agent** and install it. If the extension is already installed, you can see it in the list of extensions.
+
+    :::image type="content" source="./media/network-watcher/vm-extensions.png" alt-text="Screenshot that shows the VM's extensions page in the Azure portal." lightbox="./media/network-watcher/vm-extensions.png":::
 
-You can retrieve data about the state of extension deployments using either the Azure portal or Azure CLI.
+1. In the search box of **Install an Extension**, enter *Network Watcher Agent for Linux*. Select the extension from the list and select **Next**.
 
-The following example shows the deployment state of the NetworkWatcherAgentLinux extension for a VM deployed through Resource Manager, using the Azure CLI:
+    :::image type="content" source="./media/network-watcher/install-extension-linux.png" alt-text="Screenshot that shows how to install Network Watcher Agent for Linux in the Azure portal." lightbox="./media/network-watcher/install-extension-linux.png":::
+
+1. Select **Review + create** and then select **Create**.
+
+# [**PowerShell**](#tab/powershell)
+
+Use [Set-AzVMExtension](/powershell/module/az.compute/set-azvmextension) cmdlet to install Network Watcher Agent VM extension on the virtual machine:
+
+```azurepowershell-interactive
+# Install Network Watcher Agent for Linux on the virtual machine.
+Set-AzVMExtension -Name 'AzureNetworkWatcherExtension' -Publisher 'Microsoft.Azure.NetworkWatcher' -ExtensionType 'NetworkWatcherAgentLinux' -EnableAutomaticUpgrade 1 -TypeHandlerVersion '1.4' -ResourceGroupName 'myResourceGroup' -VMName 'myVM' 
+```
+
+Once the installation is successfully completed, you see the following output:
+
+```output
+RequestId IsSuccessStatusCode StatusCode ReasonPhrase
+--------- ------------------- ---------- ------------
+                         True         OK 
+```
+
+# [**Azure CLI**](#tab/cli)
+
+Use [az vm extension set](/cli/azure/vm/extension#az-vm-extension-set) command to install Network Watcher Agent VM extension on the virtual machine: 
+
+```azurecli
+# Install Network Watcher Agent for Windows on the virtual machine.
+az vm extension set --name 'NetworkWatcherAgentLinux' --extension-instance-name 'AzureNetworkWatcherExtension' --publisher 'Microsoft.Azure.NetworkWatcher' --enable-auto-upgrade 'true' --version '1.4' --resource-group 'myResourceGroup' --vm-name 'myVM'
+```
+
+# [**Resource Manager**](#tab/arm)
+
+Use the following Azure Resource Manager template (ARM template) to install Network Watcher Agent VM extension on a Linux virtual machine:
+
+```json
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "vmName": {
+                "type": "string"
+            }
+    },
+    "variables": {},
+    "resources": [
+        {
+                "name": "[parameters('vmName')]",
+                "type": "Microsoft.Compute/virtualMachines",
+                "apiVersion": "2023-03-01",
+                "location": "[resourceGroup().location]",
+                "properties": {
+                }
+            },
+            {
+                "name": "[concat(parameters('vmName'), '/AzureNetworkWatcherExtension')]",
+                "type": "Microsoft.Compute/virtualMachines/extensions",
+                "apiVersion": "2023-03-01",
+                "location": "[resourceGroup().location]",
+                "dependsOn": [
+                    "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
+                ],
+                "properties": {
+                    "autoUpgradeMinorVersion": true,
+                    "publisher": "Microsoft.Azure.NetworkWatcher",
+                    "type": "NetworkWatcherAgentLinux",
+                    "typeHandlerVersion": "1.4"
+                }
+            }
+    ],
+    "outputs": {}
+}
+```
+
+You can use either Azure PowerShell or Azure CLI to deploy the Resource Manager template:
+
+```azurepowershell
+# Deploy the JSON template file using Azure PowerShell.
+New-AzResourceGroupDeployment -ResourceGroupName 'myResourceGroup' -TemplateFile 'agent.json'
+```
 
 ```azurecli
-az vm extension show --name NetworkWatcherAgentLinux --resource-group myResourceGroup1 --vm-name myVM1
+# Deploy the JSON template file using the Azure CLI.
+az deployment group create --resource-group 'myResourceGroup' --template-file 'agent.json'
 ```
 
+---
+
+## Uninstall Network Watcher Agent VM extension
+
+# [**Portal**](#tab/portal)
+
+From the virtual machine page in the Azure portal, you can uninstall the Network Watcher Agent VM extension by following these steps:
+
+1. Under **Settings**, select **Extensions + applications**.
+
+1. Select **AzureNetworkWatcherExtension** from the list of extensions, and then select **Uninstall**.
+
+    :::image type="content" source="./media/network-watcher/uninstall-extension-linux.png" alt-text="Screenshot that shows how to uninstall Network Watcher Agent for Linux in the Azure portal." lightbox="./media/network-watcher/uninstall-extension-linux.png":::
+
+    > [!NOTE]
+    > In the list of extensions, you might see Network Watcher Agent VM extension named differently than **AzureNetworkWatcherExtension**.
+
+# [**PowerShell**](#tab/powershell)
+
+Use [Remove-AzVMExtension](/powershell/module/az.compute/remove-azvmextension) cmdlet to remove Network Watcher Agent VM extension from the virtual machine:
+
+```azurepowershell-interactive
+# Uninstall Network Watcher Agent VM extension.
+Remove-AzureVMExtension -Name 'AzureNetworkWatcherExtension' -ResourceGroupName 'myResourceGroup' -VMName 'myVM'
+```
+
+# [**Azure CLI**](#tab/cli)
+
+Use [az vm extension delete](/cli/azure/vm/extension#az-vm-extension-delete) command to remove Network Watcher Agent VM extension from the virtual machine:
+
+```azurecli-interactive
+# Uninstall Network Watcher Agent VM extension.
+az vm extension delete --name 'AzureNetworkWatcherExtension' --resource-group 'myResourceGroup' --vm-name 'myVM'
+```
+
+# [**Resource Manager**](#tab/arm)
+
+N/A
+
+---
+
+## Frequently asked questions (FAQ)
+
+To get answers to most frequently asked questions about Network Watcher Agent, see [Network Watcher Agent FAQ](../../network-watcher/frequently-asked-questions#network-watcher-agent).
+
 ## Related content
 
 - [Update Azure Network Watcher extension to the latest version](network-watcher-update.md).