az monitor data-collection rule syslog

Note

This reference is part of the monitor-control-service extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az monitor data-collection rule syslog command. Learn more about extensions.

Manage Syslog data source.

Commands

Name	Description	Type	Status
az monitor data-collection rule syslog add	Add a Syslog data source.	Extension	GA
az monitor data-collection rule syslog delete	Delete a Syslog data source.	Extension	GA
az monitor data-collection rule syslog list	List Syslog data sources.	Extension	GA
az monitor data-collection rule syslog show	Show a Syslog data source.	Extension	GA
az monitor data-collection rule syslog update	Update a Syslog data source.	Extension	GA

az monitor data-collection rule syslog add

Add a Syslog data source.

az monitor data-collection rule syslog add --data-collection-rule-name --rule-name
                                           --name
                                           --resource-group
                                           [--facility-names]
                                           [--log-levels]
                                           [--streams]
                                           [--transform-kql]

Examples

Add a Syslog data source

az monitor data-collection rule syslog add --rule-name myCollectionRule --resource-group myResourceGroup --name syslogBase --facility-names syslog --log-levels Alert Critical --streams Microsoft-Syslog

Required Parameters

--data-collection-rule-name --rule-name

The name of the data collection rule. The name is case insensitive.

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--facility-names

The list of facility names. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--log-levels

The log levels to collect. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--streams

List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--transform-kql

The KQL query to transform the data source.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor data-collection rule syslog delete

Delete a Syslog data source.

az monitor data-collection rule syslog delete --data-collection-rule-name --rule-name
                                              --name
                                              --resource-group

Examples

Delete a Syslog data source

az monitor data-collection rule syslog delete --rule-name myCollectionRule --resource-group myResourceGroup --name syslogBase

Required Parameters

--data-collection-rule-name --rule-name

The name of the data collection rule. The name is case insensitive.

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor data-collection rule syslog list

List Syslog data sources.

az monitor data-collection rule syslog list --data-collection-rule-name --rule-name
                                            --resource-group

Examples

List Syslog data sources

az monitor data-collection rule syslog list --rule-name myCollectionRule --resource-group myResourceGroup

Required Parameters

--data-collection-rule-name --rule-name

The name of the data collection rule. The name is case insensitive.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor data-collection rule syslog show

Show a Syslog data source.

az monitor data-collection rule syslog show --data-collection-rule-name --rule-name
                                            --name
                                            --resource-group

Examples

Show a Syslog data source

az monitor data-collection rule syslog show --rule-name myCollectionRule --resource-group myResourceGroup --name syslogBase

Required Parameters

--data-collection-rule-name --rule-name

The name of the data collection rule. The name is case insensitive.

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor data-collection rule syslog update

Update a Syslog data source.

az monitor data-collection rule syslog update --data-collection-rule-name --rule-name
                                              --name
                                              --resource-group
                                              [--add]
                                              [--facility-names]
                                              [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                              [--log-levels]
                                              [--remove]
                                              [--set]
                                              [--streams]
                                              [--transform-kql]

Examples

Update a Syslog data source

az monitor data-collection rule syslog update --rule-name myCollectionRule --resource-group myResourceGroup --name syslogBase --facility-names syslog --log-levels Emergency Critical

Required Parameters

--data-collection-rule-name --rule-name

The name of the data collection rule. The name is case insensitive.

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Property	Value
Parameter group:	Generic Update Arguments

--facility-names

The list of facility names. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Property	Value
Parameter group:	Generic Update Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--log-levels

The log levels to collect. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Property	Value
Parameter group:	Generic Update Arguments

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Property	Value
Parameter group:	Generic Update Arguments

--streams

List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--transform-kql

The KQL query to transform the data source.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False