az monitor data-collection rule syslog

Note

This reference is part of the monitor-control-service extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az monitor data-collection rule syslog command. Learn more about extensions.

Manage Syslog data source.

Commands

az monitor data-collection rule syslog add	Add a Syslog data source.
az monitor data-collection rule syslog delete	Delete a Syslog data source.
az monitor data-collection rule syslog list	List Syslog data sources.
az monitor data-collection rule syslog show	Show a Syslog data source.
az monitor data-collection rule syslog update	Update a Syslog data source.

az monitor data-collection rule syslog add

Add a Syslog data source.

az monitor data-collection rule syslog add --facility-names {*, auth, authpriv, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, uucp}
                                           --name
                                           --streams {Microsoft-Syslog}
                                           [--ids]
                                           [--log-levels {*, Alert, Critical, Debug, Emergency, Error, Info, Notice, Warning}]
                                           [--resource-group]
                                           [--rule-name]
                                           [--subscription]

Examples

Add a Syslog data source

az monitor data-collection rule syslog add --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "syslogBase" --facility-names "syslog" --log-levels "Alert" "Critical" --streams "Microsoft-Syslog"

Required Parameters

--facility-names

The list of facility names.

accepted values: *, auth, authpriv, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, uucp

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

--streams

List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.

accepted values: Microsoft-Syslog

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--log-levels

The log levels to collect.

accepted values: *, Alert, Critical, Debug, Emergency, Error, Info, Notice, Warning

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the data collection rule. The name is case insensitive.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor data-collection rule syslog delete

Delete a Syslog data source.

az monitor data-collection rule syslog delete --name
                                              [--ids]
                                              [--resource-group]
                                              [--rule-name]
                                              [--subscription]

Examples

Delete a Syslog data source

az monitor data-collection rule syslog delete --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "syslogBase"

Required Parameters

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the data collection rule. The name is case insensitive.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor data-collection rule syslog list

List Syslog data sources.

az monitor data-collection rule syslog list --resource-group
                                            --rule-name

Examples

List Syslog data sources

az monitor data-collection rule syslog list --rule-name "myCollectionRule" --resource-group "myResourceGroup"

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the data collection rule. The name is case insensitive.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor data-collection rule syslog show

Show a Syslog data source.

az monitor data-collection rule syslog show --name
                                            [--ids]
                                            [--resource-group]
                                            [--rule-name]
                                            [--subscription]

Examples

Show a Syslog data source

az monitor data-collection rule syslog show --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "syslogBase"

Required Parameters

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the data collection rule. The name is case insensitive.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor data-collection rule syslog update

Update a Syslog data source.

az monitor data-collection rule syslog update --name
                                              [--facility-names {*, auth, authpriv, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, uucp}]
                                              [--ids]
                                              [--log-levels {*, Alert, Critical, Debug, Emergency, Error, Info, Notice, Warning}]
                                              [--resource-group]
                                              [--rule-name]
                                              [--streams {Microsoft-Syslog}]
                                              [--subscription]

Examples

Update a Syslog data source

az monitor data-collection rule syslog update --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "syslogBase" --facility-names "syslog" --log-levels "Emergency" "Critical"

Required Parameters

--name -n

A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.

Optional Parameters

--facility-names

The list of facility names.

accepted values: *, auth, authpriv, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, uucp

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--log-levels

The log levels to collect.

accepted values: *, Alert, Critical, Debug, Emergency, Error, Info, Notice, Warning

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

The name of the data collection rule. The name is case insensitive.

--streams

List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.

accepted values: Microsoft-Syslog

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.