Enable VM Monitoring to Track VM Changes on GCP

Created On 03/18/20 17:31 PM - Last Modified 04/03/20 23:43 PM


Symptom


  • The error received is: vm-info-source gcp-vm-info(vsys1): failed to connected to GCE, status GCE-ERROR: gce-unauthorised : Insufficient Permission
  • Review System Logs and/or useridd logs to understand the failure event.
System Logs:
2018/06/27 14:45:02 high     userid         connect 0  vm-info-source gcp-vm-info(vsys1): failed to connected to GCE, status GCE-ERROR: gce-communication-error no connection is available to Google Cloud
  • Enable User-ID debug for vmmonitor, set the logging level to "debug", and monitor useridd.log:
> debug user-id set userid vmmonitor
> debug user-id on debug
> less mp-log useridd.log
2019-01-21 15:46:35.773 -0500 Error: pan_vm_gce_source_parse_updates(pan_vm_info_src_gce.c:1358): GCE-ERROR: gce-unauthorised : Insufficient Permission
2019-01-21 15:46:35.773 -0500 Error: pan_vm_gce_source_parse_n_proc_updates(pan_vm_info_src_gce.c:831): pan_vm_gce_source_parse_updates failed
2019-01-21 15:46:35.773 -0500 Error: pan_vm_gce_source_proc(pan_vm_info_src_gce.c:1542): pan_vm_info_source_parse_n_proc_updates failed for vm-info-source gcp-vm-info


Environment


  • Platform: PAN-OS
  • PAN-OS / Plugin Version: 8.1+ / NA
  • Deployment: VM Information sources


Cause


  • If you want to monitor from a firewall outside the current project, choose Service Account. You must upload the service account credentials in JSON format, and that service account must have permissions to access the Google API.


Resolution


  • The service account must have the IAM policies (Compute Engine Viewer role) that authorize access to the Google API and that allow it to query the virtual machines in the Google Cloud Project for virtual machine metadata.
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/device/device-vm-information-sources/settings-to-enable-vm-information-sources-for-google-compute-engine.html
  • Role permission required for enabling VM Monitoring in GCP.
Compute Engine viewer role - https://cloud.google.com/compute/docs/access/
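As an added example (not part of this article or of PAN-OS), the following script checks offline whether the service account named in the uploaded JSON key actually holds a role that grants Compute Engine read access in the monitored project, using the key's client_email and the project IAM policy exported with `gcloud projects get-iam-policy PROJECT --format=json`. The set of roles treated as sufficient is an assumption: roles/compute.viewer is the minimum named above, and the others are broader roles that include it.

```python
"""Verify that a service account key holds Compute Engine read access.

Inputs: the service account key file (fields client_email, project_id) and
the project IAM policy JSON from `gcloud projects get-iam-policy`.
"""
import json

# Assumption: roles/compute.viewer is the minimal role for VM monitoring;
# the remaining entries are broader roles that include its permissions.
SUFFICIENT_ROLES = {
    "roles/compute.viewer",
    "roles/compute.admin",
    "roles/viewer",
    "roles/editor",
    "roles/owner",
}


def roles_for_member(policy: dict, member: str) -> set:
    """Return every role that the IAM policy binds to `member`."""
    return {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }


def check_vm_monitor_access(key: dict, policy: dict) -> dict:
    """Return the IAM member, its bound roles, and whether access suffices."""
    member = f"serviceAccount:{key['client_email']}"
    held = roles_for_member(policy, member)
    return {
        "member": member,
        "roles": sorted(held),
        "sufficient": bool(held & SUFFICIENT_ROLES),
    }


# Constructed sample inputs (not real credentials or a real project).
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "vm-monitor@example-project.iam.gserviceaccount.com",
}
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/logging.viewer",
         "members": ["serviceAccount:vm-monitor@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/compute.viewer", "members": ["user:admin@example.com"]},
    ]
}

if __name__ == "__main__":
    print(json.dumps(check_vm_monitor_access(SAMPLE_KEY, SAMPLE_POLICY), indent=2))
```

With the sample policy the account only holds roles/logging.viewer, which reproduces the gce-unauthorised condition; binding roles/compute.viewer to the same member makes the check pass.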

