Forum Discussion

Copper Contributor

Feb 17, 2022

Solved

Can a single Syslog Log forwarder VM get logs from multiple Log Sources?

Hi, I have a scenario where I need to have a Syslog Log forwarding VM that could collect Logs from multiple sources and forward it to a Log Analytics Workspace. Is this possible in Azure?

roadruner
Feb 21, 2022
Pending on how much data your sending. and from how many sources... if its a lot i would be scale setting the vm. Last i read one box can do close to 10k eps..

Here i a great link to to an arm template that does the scale set and everything else you need. For redhat and ubuntu.

https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/CEF-VMSS

reference from - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/scaling-up-syslog-cef-collection/ba-p/1185854

roadruner

Copper Contributor

Feb 21, 2022

Pending on how much data your sending. and from how many sources... if its a lot i would be scale setting the vm. Last i read one box can do close to 10k eps..

Here i a great link to to an arm template that does the scale set and everything else you need. For redhat and ubuntu.

https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/CEF-VMSS

reference from - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/scaling-up-syslog-cef-collection/ba-p/1185854