Log Analytics workspace is not showing the log collection settings for Windows or Linux




For a while now, the Log Analytics Advanced Settings is no longer reflecting the settings for log collection for Windows event logs or syslog facilities. This is happening on all the Sentinel instances that I have access to (and that's quite a few). In the screenshot below, one can see what the settings for syslog collection look like. In reality, the logs are being collected for the facilities that I have configured, but they are not shown anymore on this configuration page. It is very difficult to tell what is configured without connecting to the syslog source and checking the agent configuration. The same thing is true for the non-security Windows event logs such as Application or System.


I have customers that contacted me to ask about this as well, as they are trying to adjust the log collection settings.


I will open a ticket with Microsoft but maybe others have a solution for this?




1 Reply


Generally these re-appear after a small delay; opening a ticket is the right course of action.