SOLVED

Install Log Analytics for Azure Sentinel alongside SCOM


Hi,

We would like to install a log analytics agent for Azure Sentinel on a host on which an SCOM agent is already running. What is the best way to proceed, so that SCOM is still enabled, and Security Events are being forwarded to the log analytics workspace for Sentinel?

Thanks in advance!

2 Replies
Best Response confirmed by rodtrent (Microsoft)
Solution

@csmits From the Overview of Azure Monitor agents page: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

Log Analytics agent

The Log Analytics agent collects monitoring data from the guest operating system and workloads of virtual machines in Azure, other cloud providers, and on-premises. It collects data into a Log Analytics workspace. The Log Analytics agent is the same agent used by System Center Operations Manager, and you can multihome agent computers to communicate with your management group and Azure Monitor simultaneously. This agent is also required by certain insights and solutions in Azure Monitor.
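
One way to apply the multihoming described in the answer above on a host that already reports to SCOM, as an added example that is not part of the original thread or of the quoted documentation. The workspace ID is a placeholder, and the guard for agent builds without workspace support is an assumption about older SCOM-only agents.

```powershell
# Added example: run in an elevated PowerShell session on the host with the SCOM agent.
# The workspace ID is a placeholder; the key is prompted for so it never sits in the script.
$workspaceId  = '<workspace-id>'
$secureKey    = Read-Host -Prompt 'Workspace key' -AsSecureString
$workspaceKey = [System.Net.NetworkCredential]::new('', $secureKey).Password

# Configuration COM object exposed by the Microsoft Monitoring Agent.
$mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'

# Record the SCOM management groups before the change so they can be compared afterwards.
$before = @($mma.GetManagementGroups() | ForEach-Object { $_.managementGroupName })
Write-Output "Management groups before: $($before -join ', ')"

# Assumption: an older SCOM-only agent build may not expose the workspace methods.
# Stop here rather than fail halfway through the change.
if (-not ($mma | Get-Member -Name 'AddCloudWorkspace' -ErrorAction SilentlyContinue)) {
    throw 'AddCloudWorkspace is not available on this agent build.'
}

# Add the workspace only if it is not already configured, then reload the agent configuration.
$existing = @($mma.GetCloudWorkspaces() | Where-Object { $_.workspaceId -eq $workspaceId })
if ($existing.Count -eq 0) {
    $mma.AddCloudWorkspace($workspaceId, $workspaceKey)
    $mma.ReloadConfiguration()
}
$workspaceKey = $null   # drop the plaintext copy of the key

# Verify that the SCOM management groups are unchanged and the workspace is listed.
$after = @($mma.GetManagementGroups() | ForEach-Object { $_.managementGroupName })
if (($before -join ',') -ne ($after -join ',')) {
    Write-Warning "Management group list changed: $($after -join ', ')"
}
$mma.GetCloudWorkspaces() | Select-Object workspaceId, ConnectionStatusText
```

The final line shows each configured workspace with its connection status, which is the quickest confirmation that the agent is now reporting to both SCOM and the workspace.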

@Gary Bushey

Could you please share the link to download the binaries for the Log Analytics agent (Microsoft Monitoring Agent) which can be upgraded over the SCOM Agent?

Thanks!

Sreejeet