Connect syslog data sources to Microsoft Sentinel

Intermediate
Security Operations Analyst
Azure
Microsoft Sentinel
Azure Log Analytics
Azure Monitor

Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data.

Learning objectives

Upon completion of this module, the learner is able to:

  • Describe the Azure Monitor Agent Data Collection Rule (DCR) for Syslog
  • Install and Configure the Azure Monitor Linux Agent extension with the Syslog DCR
  • Run the Azure Arc Linux deployment and connection scripts
  • Verify Syslog log data is available in Microsoft Sentinel
  • Create a parser using KQL in Microsoft Sentinel

Prerequisites

  • Basic knowledge of operational concepts such as monitoring, logging, and alerting
  • Familiarity with Linux operations and monitoring