There's nothing blocking you from deploying an Ubuntu Azure VM that acts as your syslog collector and forwarder. There's a sample deployment script in this article: https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog

Alternatively, if you can deploy the Azure Monitor agent to your devices, you can use Azure Monitor syslog support to act as an integration point with Sentinel. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog
HAVING MY SYSLOG SERVER IN AZURE CLOUD FOR ON-PREM MERAKI
This article https://learn.microsoft.com/en-us/azure/sentinel/connect-syslog describes the collection of syslog from Linux-based devices like my Meraki devices. However, the current architecture requires the use of a VM on-prem which will allow the Log Analytics agent to forward the events over TCP 443 to Sentinel. Is there an approach that allows me to have my syslog collecting server within Azure in the cloud, as I intend to migrate from having an on-prem presence?