Forum Discussion

David Caddick's avatar
David Caddick
Iron Contributor
Jul 11, 2019

Azure Sentinel - enabling Syslog from onPrem Linux

Checking on details in this:

https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog

We have a working Linux Syslog Connector (not in Azure - it's onPrem) but it seems that while we can now see Heartbeat info coming thru that steps 3 & 4 above are not valid...

How can we get this working or have we somehow misunderstood some element?

1 Reply

  • Ofer_Shezaf's avatar
    Ofer_Shezaf
    Icon for Microsoft rankMicrosoft
    Jul 14, 2019

    David Caddick : 

     

    I think that the instructions on the connector page are somewhat clearer:

     

    1. Under workspace advanced settings Configuration, select Data and then Syslog.
    2. Select Apply below configuration to my machines and select the facilities and severities.
    3. Click Save.

    Also, note that the agent configures behind the scenes rsyslog or syslogNG. If you did manual configuration yourself, it might override.