What's new: Improvements to the Log Analytics Agent
Published Dec 13 2020 09:47 PM 6,512 Views
Microsoft

This installment is part of a broader series to keep you up to date with the latest features in Microsoft Sentinel. The installments will be bite-sized to enable you to easily digest the new content. 

 

Note: The Log Analytics agent is sometimes referred to as the OMS Agent or the Microsoft Monitoring Agent (MMA). 

 

We’ve made some improvements to the Log Analytics agent that will make it even easier and flexible for you to use across a wider range of platforms. 

 

If you’re unfamiliar with this product, the Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager and sends it collected data to your Log Analytics workspace. You can read more about it here. You can also read the release notes for the agent here.

 

In Microsoft Sentinel, it can be used to facilitate the sending of the following events to your workspace: 

 

  • Windows Security events 
  • Syslog 
  • Common Event Format (CEF) logs 
  • Windows Firewall logs
  • DNS logs
  • IIS logs
  • Network connections

 

LA Agent gif.gif

 

Support for new operating systems 

 

The Log Analytics agent can now be installed on an even wider range of Linux distros. We recently added support for: 

 

  • CentOS 8 
  • RedHat 8 
  • SUSE Linux 15 

Click here to see the full list of supported OSs.

 

 

Support for Python 3 

 

Probably even more anticipated then our expanded OS support, we are happy to announce that starting from Agent version 1.13.27, the Linux Log Analytics Agent will support both Python 2 and 3This means that customers now have the option to use whatever Python version they prefer (or whatever comes by default on their machine). This works both for a direct install of the agent and when installing as part of the CEF log forwarder.

 

 

Get started today! 

 

Try out the new connector and let us know your feedback using any of the channels listed in the Resources. 

 

You can also contribute new connectors, workbooks, analytics and more in Microsoft Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance. 

 

 

With thanks to @Jeremy Tan@Chi_Nguyen and @Ofer_Shezaf for their inputs on this blog post.

Co-Authors
Version history
Last update:
‎Oct 28 2021 07:28 PM
Updated by: