MEAPSA

Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data.

Security Operations Analyst

Azure

Log Analytics

Monitor

Microsoft Sentinel

Upon completion of this module, the learner is able to:

Describe the Azure Monitor Agent Data Collection Rule (DCR) for Syslog
Install and Configure the Azure Monitor Linux Agent extension with the Syslog DCR
Run the Azure Arc Linux deployment and connection scripts
Verify Syslog log data is available in Microsoft Sentinel
Create a parser using KQL in Microsoft Sentinel

Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting
Familiarity with Linux operations and monitoring