Microsoft Tech Community
SOLVED

Can a single Syslog Log forwarder VM get logs from multiple Log Sources?

Copper Contributor

Hi, I have a scenario where I need to have a Syslog log forwarding VM that could collect logs from multiple sources and forward them to a Log Analytics Workspace. Is this possible in Azure?

2 Replies
best response confirmed by KushanJay (Copper Contributor)
Solution

Depending on how much data you're sending, and from how many sources... if it's a lot I would be scale setting the VM. Last I read, one box can do close to 10k EPS.

Here is a great link to an ARM template that does the scale set and everything else you need. For Red Hat and Ubuntu.

https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/CEF-VMSS

reference from - https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/scaling-up-syslog-cef-collection/ba-p...
