pavankemisetti-4689 asked · azure-cxp-api edited

Send syslog server logs to Azure Sentinel through log analytics gateway

Team, I have a scenario where one of our customers wants to send syslog data to Sentinel through the Log Analytics gateway. We tried to simulate this in our lab but we faced issues with a successful installation. Can we have steps to follow to succeed with this approach?

Tags: azure-monitor, microsoft-sentinel

@pavankemisetti-4689
Thank you for your post! I looked into your issue and found some links that might help.

Azure Sentinel Documentation - Collect data from Linux-based sources using Syslog
Azure Monitor Documentation - Collect Syslog data sources with Log Analytics agent


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Hi James,

Thanks for the response. We have a Linux machine which does not connect to the internet, and we have configured the Log Analytics gateway to send the logs to Sentinel from the Linux machine. We have configured the Log Analytics gateway as a proxy.

The point here is that we are able to get the syslog from the machine but are unable to configure the CEF connector to get the CEF logs.
We are unable to modify the rsyslog.d configurations. We used the manual download of the OMS agent rather than the script that connects to the internet to get all the required configurations.

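The two pieces the comment above is missing on an air-gapped host are the rsyslog forwarding rule that the Sentinel CEF connector's installer normally writes into /etc/rsyslog.d/ (it cannot run without internet access) and the OMS agent proxy file that points the agent at the Log Analytics gateway. The following shell functions are an added example, not code from the thread or from Microsoft: they regenerate that rule, validate a proxy.conf line, and classify sample syslog lines the way the rule would. The rule text, the local omsagent listener on 127.0.0.1:25226 and the path /etc/opt/microsoft/omsagent/proxy.conf follow the public Sentinel CEF connector documentation; the gateway host name, port 8080 and the sample log lines are constructed assumptions for the demo.

```shell
#!/bin/sh
# Added example for the thread above (not from the original post or from
# the Sentinel CEF installer). Assumed values: GATEWAY_HOST and GATEWAY_PORT.
GATEWAY_HOST="${GATEWAY_HOST:-la-gateway.example.internal}"   # assumption
GATEWAY_PORT="${GATEWAY_PORT:-8080}"                           # assumption (gateway default)

# Constructed sample lines, one CEF event and one plain sshd message.
SAMPLE_CEF='CEF:0|ExampleVendor|ExampleProduct|1.0|100|Logon|5|src=10.0.0.1 suser=alice'
SAMPLE_PLAIN='<13>Jan  1 00:00:00 host sshd[1]: Accepted publickey for alice'

# The rule the CEF connector installer writes to
# /etc/rsyslog.d/security-config-omsagent.conf: CEF (and Cisco ASA) lines
# are forwarded over TCP (@@) to the omsagent listener on 127.0.0.1:25226,
# which the agent's security_events.conf binds; other lines are untouched.
cef_rsyslog_rule() {
    cat <<'EOF'
if $rawmsg contains "CEF:" or $rawmsg contains "ASA-" then @@127.0.0.1:25226
EOF
}

# Content of /etc/opt/microsoft/omsagent/proxy.conf for the gateway:
# one line, http[s]://[user:pass@]host:port, no trailing path.
gateway_proxy_line() {
    printf 'http://%s:%s\n' "$GATEWAY_HOST" "$GATEWAY_PORT"
}

# Returns 0 when $1 is a well-formed proxy.conf line, 1 otherwise.
proxy_conf_valid() {
    printf '%s\n' "$1" | grep -Eq '^https?://([^@/[:space:]]+@)?[A-Za-z0-9.-]+:[0-9]{1,5}$'
}

# Returns 0 when the rsyslog rule above would forward line $1 to omsagent.
is_cef_line() {
    case "$1" in
        *CEF:*|*ASA-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stage both files under $1 (use / for the real host, then restart rsyslog
# and omsagent). Prints the path of the rsyslog rule written.
write_configs() {
    root="$1"
    mkdir -p "$root/etc/rsyslog.d" "$root/etc/opt/microsoft/omsagent"
    cef_rsyslog_rule > "$root/etc/rsyslog.d/security-config-omsagent.conf"
    gateway_proxy_line > "$root/etc/opt/microsoft/omsagent/proxy.conf"
    printf '%s\n' "$root/etc/rsyslog.d/security-config-omsagent.conf"
}

# Stand-alone run: stage into a temp dir and report which sample lines forward.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    staged=$(write_configs "$(mktemp -d)")
    echo "wrote $staged"
    for line in "$SAMPLE_CEF" "$SAMPLE_PLAIN"; do
        if is_cef_line "$line"; then echo "forward: $line"; else echo "ignore:  $line"; fi
    done
fi
```

After staging the real files, `logger -t test 'CEF:0|Vendor|Product|1.0|1|Test|1|src=10.0.0.1'` on the host should produce a row in the CommonSecurityLog table within a few minutes; if it does not, the gateway's allow-list must contain the workspace endpoints the agent talks to, which is what the installer script would otherwise have verified.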

Cannot access the path below even though I am a root user; it says permission denied. The owner of the file is omsagent.

/etc/opt/microsoft/omsagent/{0}/conf/omsagent.d/security_events.conf


0 Answers