![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 70%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,787 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 70%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi @LeifDavisson ,
If I understood correctly your scenario, there are few things to clarify here:
The Log Analytics (OMS) Gateway is intended to act as a proxy when you want to connect Log Analytics Agents running on VMs without internet access to a Log Analytics Workspace (it cannot be used as a Syslog Forwarder):
Now, you have a Syslog source where you cannot install the Log Analytics (or Azure Monitor) Agent.
For you to be able to get that Syslog data in Sentinel, you need to use what is called a Syslog Forwarder.
The process is the following:
- Install a Linux Log Analytics Agent on a Linux VM and ensure is connected to the Sentinel Workspace (directly or through a Log Analytics Gateway if the VM is not having internet access)
- Configure the Syslog Collection from the Log Analytics Workspace (from Legacy Agents Management --> Syslog)
- Configure your Syslog Source (your ARM IOT device) to forward the Syslog data to the Linux Forwarder you configured at step 1 on the facility you configured to be collected at step 2
These instructions are also presented here.
I hope that this is the info you're looking for.
BR,
George
