Forum Discussion
Unable to integrate SUSE Linux (Azure VM) on Azure Sentinel
Hello experts,
I am facing a challenge while integrating an Azure VM (SUSE Linux) using the Syslog data connector. I have configured levels and connected the VM to the workspace. But still it is not showing as connected in the data connectors page. Please suggest what could be the issue.
What is the agent used to collect it? Is it the same as that of Azure Monitor?
- Jayesh_D123 Copper Contributor
The servers are in a protected region with no internet access. So what needs to be enabled between the VM and the workspace?
- thomasdefise Brass Contributor
Hello Jayesh_D123,
Here is a write-up on how to configure it:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Syslog settings in "Advanced Settings" are pushed to the OMS Agent within 10/15 minutes. I would suggest first trying to get the logs from your Linux O.S. going to Azure Sentinel by enabling Syslog facilities such as "auth" and "daemon", and then having a look inside Azure Sentinel to see if there is data going to the connector in the Data Connector blade.
You may also need to verify that there is no network filtering in place somewhere (host-level firewall, ...).
Kind Regards, Thomas
- YanivSh
Microsoft
Jayesh_D123 yes, this is the same agent (MMA\Azure Monitor).
You can see here that SUSE Linux is supported: https://github.com/microsoft/OMS-Agent-for-Linux#supported-linux-operating-systems
These are the URLs that you need to enable in the FW\proxy: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent#network-firewall-requirements