Forum Discussion

Copper Contributor

Dec 26, 2019

Unable to integrate suse linux (azure VM) on azure sentinel

Hello experts, I am facing a challenge while integrating Azure VM suse linux using syslog dataconnector. I have configured levels and connected to the VM to the workspace. But still it is not sho...

Copper Contributor

Dec 26, 2019

The servers are in a protected region with no internet access. So what needs to be enabled between VM and workspace.

thomasdefise
Brass Contributor
Dec 31, 2019
Hello Jayesh_D123,

Here is a write-up on how to configure it:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Syslog settings in "Advanced Settings" are pushed towards the OMS Agent within 10/15 minutes.

I would suggest to try to get already the logs from your Linux O.S. going to Azure Sentinel by enabling Syslog Facility such as "auth", "deamon" and then have a look inside Azure Sentinel if there is data going the connector in the Data Connector blade.

You may need also to verify that there is no network filtering in place somewhere (Host-level firewall, ...)

Kind Regards,
Thomas
YanivSh
Microsoft
Dec 26, 2019
Jayesh_D123 yes this is the same agent ( MMA\Azure monitor)

You can see here the SUSE linux is supported https://github.com/microsoft/OMS-Agent-for-Linux#supported-linux-operating-systems

this is the urls that you need to enable in the FW\proxy https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent#network-firewall-requirements

Resources