Feb 17 2022 03:19 AM
Hi, I have a scenario where I need to have a Syslog log forwarding VM that could collect logs from multiple sources and forward them to a Log Analytics Workspace. Is this possible in Azure?
Feb 17 2022 05:58 AM
@KushanJay If the server has enough power, it can: Get CEF-formatted logs from your device or appliance into Microsoft Sentinel | Microsoft Docs
Feb 20 2022 05:01 PM - edited Feb 20 2022 05:03 PM
Depending on how much data you're sending, and from how many sources... if it's a lot I would be scale-setting the VM. Last I read, one box can do close to 10k EPS.
Here is a great link to an ARM template that does the scale set and everything else you need, for Red Hat and Ubuntu.
https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/CEF-VMSS
reference from - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/scaling-up-syslog-cef-collection/ba-p...
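A small sizing check in the spirit of the answer above, as an added example (it is not from the thread or from the Azure-Sentinel repository): it parses a constructed syslog-wrapped CEF sample, finds the peak events per second for each sending source, and compares the combined peak against the roughly 10k EPS per-box figure quoted above to suggest how many forwarder instances a scale set would need. The regex, function names and sample lines are this example's own assumptions.

```python
import re
from collections import Counter
from math import ceil

# Capacity figure quoted in the thread: roughly 10k events/second per forwarder VM.
FORWARDER_EPS_CAPACITY = 10_000

# Syslog header followed by a CEF record (assumed layout; group names are this example's own).
SYSLOG_CEF_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"CEF:(?P<ver>\d+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
)

def parse_line(line):
    """Return (host, timestamp-second, vendor/product) for a syslog+CEF line, else None."""
    m = SYSLOG_CEF_RE.match(line)
    if not m:
        return None
    return m["host"], m["ts"], f'{m["vendor"]}/{m["product"]}'

def peak_eps_per_source(lines):
    """Highest number of CEF events seen in any single second, per sending host."""
    per_second = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # plain syslog that is not CEF would not go to CommonSecurityLog; skip it
        host, second, _ = parsed
        per_second[(host, second)] += 1
    peak = {}
    for (host, _), n in per_second.items():
        peak[host] = max(peak.get(host, 0), n)
    return peak

def forwarders_needed(peak, capacity=FORWARDER_EPS_CAPACITY):
    """Minimum forwarder count if every source hits its peak at the same moment."""
    total_peak = sum(peak.values())
    return max(1, ceil(total_peak / capacity))

# Constructed sample: two firewalls sending CEF, plus one non-CEF syslog line.
SAMPLE = (
    [f"<134>Feb 17 03:19:01 fw01 CEF:0|Acme|FW|1.0|100|allow|3|src=10.0.0.{i}" for i in range(3)]
    + [f"<134>Feb 17 03:19:02 fw01 CEF:0|Acme|FW|1.0|100|allow|3|src=10.0.0.{i}" for i in range(5)]
    + [f"<134>Feb 17 03:19:01 fw02 CEF:0|Acme|FW|1.0|200|deny|7|src=10.0.1.{i}" for i in range(2)]
    + ["<13>Feb 17 03:19:01 fw02 sshd[42]: plain syslog, not CEF"]
)

if __name__ == "__main__":
    peaks = peak_eps_per_source(SAMPLE)
    print(peaks, "->", forwarders_needed(peaks), "forwarder(s) at 10k EPS each")
```

Run it against a real capture (for example a few minutes of the forwarder's received traffic) to replace the constructed sample; the capacity constant is the rule of thumb from the thread, not a measured limit.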