Dec 25 2019 10:30 PM
Hello experts,
I am facing a challenge while integrating Azure VM suse linux using syslog dataconnector. I have configured levels and connected to the VM to the workspace. But still it is not showing as connected in data connectors page. Please suggest what could be the issue.
what is the agent used to collect it? is is same to that of Azure Monitor.
Dec 25 2019 11:09 PM
The servers are in a protected region with no internet access. So what needs to be enabled between VM and workspace.
Dec 26 2019 06:14 AM
@Jayesh_D123 yes this is the same agent ( MMA\Azure monitor)
You can see here the SUSE linux is supported https://github.com/microsoft/OMS-Agent-for-Linux#supported-linux-operating-systems
this is the urls that you need to enable in the FW\proxy https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent#network-firewall-r...
Dec 31 2019 02:38 AM - edited Dec 31 2019 02:42 AM
Hello @Jayesh_D123,
Here is a write-up on how to configure it:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Syslog settings in "Advanced Settings" are pushed towards the OMS Agent within 10/15 minutes.
I would suggest to try to get already the logs from your Linux O.S. going to Azure Sentinel by enabling Syslog Facility such as "auth", "deamon" and then have a look inside Azure Sentinel if there is data going the connector in the Data Connector blade.
You may need also to verify that there is no network filtering in place somewhere (Host-level firewall, ...)
Kind Regards,
Thomas