Forum Discussion
jt-jt
Mar 04, 2022 (Copper Contributor)
Log via syslog server agent to Azure Sentinel (list of IPs?) & dual agent to two Log Analytics spaces
Hi, I am currently looking at setting up something like this: Security devices > syslog server > Microsoft Sentinel. In order to tie down/restrict somewhat the access this syslog server has, is the...
Jonhed
Mar 09, 2022 (Iron Contributor)
Regarding the bonus question.
Multi-homing (sending logs to multiple workspaces) on Linux is not possible with the traditional Log Analytics Agent (MMA); you would need to use the Azure Monitor Agent (AMA) instead.
AMA can only handle 5000 events per second currently it seems though, so it might not be a real choice when you use syslog.
https://docs.microsoft.com/en-us/azure/sentinel/ama-migrate
If 5000 events per second is not enough, you need to use MMA, which can only connect to a single workspace.