Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Unable to integrate suse linux (azure VM) on azure sentinel

Copper Contributor

Hello experts,

 

I am facing a challenge while integrating Azure VM suse linux using syslog dataconnector. I have configured levels and connected to the VM to the workspace. But still it is not showing as connected in data connectors page. Please suggest what could be the issue.

 

what is the agent used to collect it? is is same to that of Azure Monitor.

3 Replies

@Jayesh_D123 

 

The servers are in a protected region with no internet access. So what needs to be enabled between VM and workspace.

@Jayesh_D123 yes this is the same agent ( MMA\Azure monitor)

You can see here the SUSE linux is supported https://github.com/microsoft/OMS-Agent-for-Linux#supported-linux-operating-systems

 

this is the urls that you need to enable in the FW\proxy https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent#network-firewall-r...

Hello @Jayesh_D123,

 

Here is a write-up on how to configure it: 

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
Syslog settings in "Advanced Settings" are pushed towards the OMS Agent within 10/15 minutes.

 

I would suggest to try to get already the logs from your Linux O.S. going to Azure Sentinel by enabling Syslog Facility such as "auth", "deamon" and then have a look inside Azure Sentinel if there is data going the connector in the Data Connector blade.

 

You may need also to verify that there is no network filtering in place somewhere (Host-level firewall, ...)


Kind Regards,

Thomas