Connect syslog data sources to Microsoft Sentinel

Module
7 Units

Intermediate

Security Operations Analyst

Azure

Microsoft Sentinel

Azure Log Analytics

Azure Monitor

Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data.

Learning objectives

Upon completion of this module, the learner is able to:

Describe the Azure Monitor Agent Data Collection Rule (DCR) for Syslog
Install and Configure the Azure Monitor Linux Agent extension with the Syslog DCR
Run the Azure Arc Linux deployment and connection scripts
Verify Syslog log data is available in Microsoft Sentinel
Create a parser using KQL in Microsoft Sentinel

Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting
Familiarity with Linux operations and monitoring

Get started with Azure

Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days. Sign up.

Introduction min
Plan for syslog data collection min
Collect data from Linux-based sources using syslog min
Configure the Data Collection Rule for Syslog Data Sources min
Parse syslog data with KQL min
Module assessment min
Summary and resources min