Microsoft Tech Community
SOLVED

Selective Logs per MMA (Log) Agent?

Hello everyone!

Am I correct to assume there's currently no way to either select a subset of stuff (say only DNS, only IIS, only Security) from each agent individually or by group? I don't see anything as an option anywhere... but I just want to double check.

Andreas

6 Replies
best response confirmed by AndreasSky (Copper Contributor)
Solution

@AndreasSky You are correct. However, there is a public preview of the new Azure Monitor Agent that will allow you to do that. For more information on the new agent go to these pages:

@Gary Bushey Thank you for the immediate answer. Am I correct (as I haven't used Arc before) that the machine needs to be Arc-enabled just on the free tier to deploy/manage this agent? Does the Linux AMA one support Syslog/CEF similarly to the MMA one or should we use MMA for Syslog/CEF forwarding?

@AndreasSky As of right now, any non-Azure virtual machines will need to be Arc-enabled in order to have the agent installed on it.

I am not 100% sure of the answer (as I have not played with Linux as much as Windows) to your second question but I am fairly certain it does handle Syslog/CEF.

@Gary Bushey Yes I saw that on the pages you linked but there are 2 tiers on Azure Arc. Free and 6bucks/server. Any idea if the free one is enough for the agent install/config or is the paid policy one needed?

@AndreasSky The free tier is enough
