
Ulrik_Klepsch
Copper Contributor
Aug 09, 2024

What to do with Syslog Forwarder data connectors that are still built on the OMS Agent?

Hello,


I'm currently working on deploying the VMware vCenter data connector to a Sentinel workspace.

The issue is that, according to the documentation, the data connector will make use of a Syslog Forwarder that is still built upon the OMS agent instead of the AMA agent.


An AMA version has now been created for most other firewall data connectors to deprecate the legacy connectors.


As far as I can tell, the data connector documentation makes no note of this data connector being deprecated or legacy.


My question is then:

  1. Should I be concerned about deploying a syslog forwarder with the OMS agent?
  2. And if so, what alternatives do I have?


I've previously built a custom solution for ingesting Cisco Meraki logs via an AMA agent, since the out-of-the-box solution with the OMS agent wasn't working optimally. But ideally, I would like to not have to build a custom solution.

  • Victor1989
    Copper Contributor

    Ulrik_Klepsch I think the only choice left is to adopt AMA: use Azure Arc to make your machine a cloud resource, then push AMA.

    • Ulrik_Klepsch
      Copper Contributor

      Victor1989

      Thank you for your insight.
      We've decided to also go forward with the AMA agent.
      In that case, though, we won't be using the data connector that is included in the Content Hub solution, and will instead be ingesting the logs into the Syslog table rather than the vcenter_CL table.
      We will then have to update the parser that is included in the solution.

      • StephenKreusch
        Copper Contributor

        Rod_Trent Will Microsoft be providing updated parser functions that work off the Syslog table instead of XXXXX_CL tables? If yes, is there a roadmap and planned delivery dates?

        Thanks

        Stephen
