Forum Discussion
a-balde
Sep 17, 2020
Copper Contributor
Azure Sentinel - Dual Syslog Forwarding
We have a CentOS 7 syslog server running rsyslog and receiving messages on UDP 514. Is it supported to forward syslog messages from this server to a remote collector using the rsyslog daemon while th...
Ofer_Shezaf
Microsoft
Sep 19, 2020
a-balde: to avoid event loss, I suggest moving to TCP, using
*.* @@192.168.2.56:514
Naturally, you will also need to support TCP on the receiving rsyslog.
I would suggest also moving to TCP for sending to Sentinel as described here: "The log forwarder deep dive webinar (plus a bonus: learn how to use it to filter events)": YouTube, MP4, Deck
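The TCP forward suggested in the reply above and the matching TCP listener on the receiver, as an added configuration example that is not part of the original posts. The file names, the queue name and the queue size are assumptions; the target 192.168.2.56:514 is the one from the reply. The disk-assisted queue goes beyond the reply: TCP alone does not buffer messages while the collector is down.

```conf
# --- Sender: the CentOS 7 rsyslog server -------------------------------
# Hypothetical file name: /etc/rsyslog.d/60-forward-remote.conf

# Before: a single "@" forwards over UDP, so dropped datagrams go unnoticed.
# *.* @192.168.2.56:514

# After, in the legacy syntax used in the reply: "@@" forwards over TCP.
# *.* @@192.168.2.56:514

# The same TCP forward written as a RainerScript action with a
# disk-assisted queue, so messages are held while the collector is
# unreachable instead of being discarded:
#   queue.type               in-memory linked list, processed asynchronously
#   queue.filename           setting a name makes the queue spill to disk
#                            (spool files go to rsyslog's work directory)
#   queue.maxDiskSpace       upper bound on spool size (value is an assumption)
#   queue.saveOnShutdown     write queued messages to disk on restart
#   action.resumeRetryCount  -1 retries forever rather than dropping
*.* action(type="omfwd"
           target="192.168.2.56" port="514" protocol="tcp"
           queue.type="LinkedList"
           queue.filename="fwd_remote"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")

# --- Receiver: the rsyslog at 192.168.2.56 -----------------------------
# Hypothetical file name: /etc/rsyslog.d/10-tcp-input.conf
# Load the TCP input module and listen on the port the sender targets.
module(load="imtcp")
input(type="imtcp" port="514")
```

Run `rsyslogd -N1` on both hosts to check the configuration syntax before restarting the daemon.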