Azure Sentinel - enabling Syslog from onPrem Linux

Frequent Contributor

Checking on details in this:

We have a working Linux Syslog Connector (not in Azure - it's onPrem) but it seems that while we can now see Heartbeat info coming thru that steps 3 & 4 above are not valid...

How can we get this working or have we somehow misunderstood some element?

1 Reply

@David Caddick : 


I think that the instructions on the connector page are somewhat clearer:


  1. Under workspace advanced settings Configuration, select Data and then Syslog.
  2. Select Apply below configuration to my machines and select the facilities and severities.
  3. Click Save.

Also, note that the agent configures behind the scenes rsyslog or syslogNG. If you did manual configuration yourself, it might override.