Home

Do Syslog agent have the capability to forward already existing logs in the syslog server?

%3CLINGO-SUB%20id%3D%22lingo-sub-758921%22%20slang%3D%22en-US%22%3EDo%20Syslog%20agent%20have%20the%20capability%20to%20forward%20already%20existing%20logs%20in%20the%20syslog%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-758921%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20Syslog%20agent%20have%20the%20capability%20to%20forward%20already%20existing%20logs%20in%20the%20syslog%20server%20or%20it%20will%20just%20forward%20the%20logs%20after%20installing%20the%20agent.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763196%22%20slang%3D%22en-US%22%3ERe%3A%20Do%20Syslog%20agent%20have%20the%20capability%20to%20forward%20already%20existing%20logs%20in%20the%20syslog%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763196%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357536%22%20target%3D%22_blank%22%3E%40dkjagadabi%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EJust%20the%20logs%20after%20install.%26nbsp%3B%20What%20is%20the%20use%20case%20you%20are%20looking%20to%20solve%20with%20grabbing%20backwards%20logs%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763206%22%20slang%3D%22en-US%22%3ERe%3A%20Do%20Syslog%20agent%20have%20the%20capability%20to%20forward%20already%20existing%20logs%20in%20the%20syslog%20server%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763206%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F357536%22%20target%3D%22_blank%22%3E%40dkjagadabi%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fdata-sources-syslog%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ELog%20Analytics%20Agent%3C%2FA%3E%26nbsp%3Bwill%20forward%26nbsp%3B%3CEM%3Enew%20events%3C%2FEM%3Eper%20the%20configuration.%26nbsp%3B%20This%20is%20consistent%20with%20a%20push%20architecture.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20that%20doesn't%20meet%20your%20requirements%2C%20you%20can%20always%20use%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fdata-collector-api%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ELog%20Analytics%20Data%20Collector%20here%3C%2FA%3E%26nbsp%3Bwhere%20you%20can%20script%20it%20to%20your%20liking.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Do Syslog agent have the capability to forward already existing logs in the syslog server or it will just forward the logs after installing the agent.

2 Replies
Highlighted

@dkjagadabi 

Just the logs after install.  What is the use case you are looking to solve with grabbing backwards logs?

Highlighted

@dkjagadabi 

The Log Analytics Agent will forward new events per the configuration.  This is consistent with a push architecture.

 

If that doesn't meet your requirements, you can always use the Log Analytics Data Collector here where you can script it to your liking.