Forum Discussion
Can a single Syslog Log forwarder VM get logs from multiple Log Sources?
Hi, I have a scenario where I need to have a Syslog Log forwarding VM that could collect Logs from multiple sources and forward it to a Log Analytics Workspace. Is this possible in Azure?
Pending on how much data your sending. and from how many sources... if its a lot i would be scale setting the vm. Last i read one box can do close to 10k eps..
Here i a great link to to an arm template that does the scale set and everything else you need. For redhat and ubuntu.
https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/CEF-VMSS
reference from - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/scaling-up-syslog-cef-collection/ba-p/1185854
KushanJay If the server has enough power, it can: Get CEF-formatted logs from your device or appliance into Microsoft Sentinel | Microsoft Docs
