
Syslog solution for Sentinel

Microsoft Sentinel, Microsoft Corporation

Syslog solution for Sentinel

Note: Please review the following before installing the solution:

• Review the solution Release Notes.

• There may be known issues pertaining to this solution; please refer to them before installing.

The Syslog solution allows you to ingest events from applications or appliances that generate logs in the Syslog format and can forward them to a Syslog forwarder. The Agent for Linux is then able to forward these logs to the Log Analytics/Microsoft Sentinel workspace.

Installing this solution will deploy two data connectors:

  1. Syslog via AMA - This data connector ingests syslog messages into your Log Analytics workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this data connector.

  2. Syslog via Legacy Agent - This data connector ingests syslog messages into your Log Analytics workspace using the legacy Log Analytics agent.

NOTE: After the solution is installed, Microsoft recommends configuring and using the Syslog via AMA connector for log ingestion. The legacy connector uses the Log Analytics agent, which is scheduled to be deprecated on Aug 31, 2024, and so it should only be installed where AMA is not supported.

Data Connectors: 2, Workbooks: 1, Analytic Rules: 7, Hunting Queries: 9
