![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 69%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES1%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,037 questions
Hi @SujinaSJ-1789 ,
As per this Azure document, equivalent of Event kusto table for Windows is Syslog kusto table for Linux. However, to monitor a service or deamon, recommended approach as per this section of the same Azure document is using kusto tables ConfigurationChange and ConfigurationData. As per your use case scenario, follow any of the approaches.
If you are looking for a sample using Syslog kusto table then for example, to check if services like sshd, rsyslogd, and crond or cron are in a stopped state on Linux using Syslog, you can use the following sample KQL query:
Syslog
| where Facility == "daemon" and (SyslogMessage contains "sshd" or SyslogMessage contains "rsyslogd" or SyslogMessage contains "crond" or SyslogMessage contains "cron") and SyslogMessage contains "exited with status 0"
This sample query would filter the Syslog table for messages from the daemon facility that contain the names of the services you want to check and have exited with a status of 0, which indicates a successful stop. You can adjust the query to include additional services or change the status code as needed.