Collect data from Linux-based sources using syslog

Completed

Configuring the Azure Monitor Agent for Syslog on Linux machines:

Azure Linux VM

To install the agent on an Azure Linux virtual machine:

1. In the Azure portal, enter Monitor in the Search resources, services, and docs search bar.

2. In Monitor, scroll down the left menu to the Settings section and select Data Collection Rules.

3. In Monitor | Data Collection Rules, select + Create.

   

4. On the Data Collection Rule Basics tab, enter a Rule name and specify a Subscription, Resource Group, Region, and Platform Type. For this exercise, select Linux for Platform Type.

5. Select Next:Resources

6. On the Data Collection Rule Resources tab, select + Add resources.

7. In the Select a scope page, expand the Scope column for Subscription and Resource group types until your target VM is displayed.

8. Select the target VM and select Apply. You should see your Linux VM displayed as a Resource.

   

9. Select Next: Collect and deliver.

10. On the Data Collection Rule Collect and deliver tab, select + Add data source.

11. In the Add data source page, select Linux Syslog from the Data source type* drop-down menu, and select Add data source. You should see your Linux Syslog Data source and a Destinations(s) of Azure Monitor Logsdisplayed.

12. Select Review + create, and Create after Validation passed is displayed.

    Note

    This process initiates the Azure Monitor Linux Agent extension install.

13. After the process completes, locate Virtual Machines in the Azure portal and select the Linux VM you configured as a Data Collection Rule resource.

14. On the Virtual machine Overview, scroll down the left menu to the Settings section and select Extensions + applications.

15. Under the Extensions tab, you should see the AzureMonitorLinuxAgent displayed.

    

    Note

    If Microsoft Defender for Cloud Auto-provisioning is enabled, the Azure Monitor Linux Agent is installed by default as an extension using Azure Policy assignment.

Non-Azure Linux machine

To install the agent on non-Azure Linux physical or virtual machines:

1. In the Azure portal, enter Arc in the Search resources, services, and docs search bar.

2. In Azure Arc, scroll down the left navigation menu to the Azure Arc resources section and select Machines.

3. On the Machines page, select + Add/Create and Add a machine.

4. On the Add servers with Azure Arc page, locate the Add a single server box, and select Generate script.

5. On the Add servers with Azure Arc page, Basics tab, select your Subscription and Resource group from the drop-down menus under Project details.

   Tip

   Select an Azure region in Server details before creating a new Resource groups.

6. In the Server details section, select your Region and then select Linux from the Operating system drop-down menu under.

7. Select the appropriate Connectivity method from the radio buttons under Connectivity method, and then select Next.

   

8. On the Add servers with Azure Arc page, Tags tab, enter Physical locations tags as needed and select Next.

9. On the Add servers with Azure Arc page, Download and run script tab, either download or copy the script to the clipboard.

   Tip

   If you're using a Microsoft Windows system with Microsoft Azure, it's easy to copy and paste the script into notepad, then ssh into your Linux machine with PowerShell to run the script in a Bash console.

10. Open a Bash console as an administrative (root) user on your non-Azure Linux machine and run the script.

    This script does the following:

    • Download an installation script from the Microsoft Download Center.
    • Configure the package manager to use and trust the packages.microsoft.com repository.
    • Download the agent from Microsoft's Linux Software Repository.
    • Install the agent on the server.
    • Create the Azure Arc-enabled server resource and associate it with the agent.

11. When the script successfully completes, you should see a message stating Latest version of azcmagent is installed.

12. On the Add servers with Azure Arc page, Download and run script tab, select Close.

13. The next step is to connect your non-Azure Linux server azcmagent to Azure Arc.

14. Copy and edit the following Bash script to include the required parameters in double quotes:

    sudo azcmagent connect --resource-group "$resourceGroup" --tenant-id "$tenantID" --location "$location" --subscription-id "$subscriptionID" --cloud "$cloud" --correlation-id "$correlationId";
    

    Tip

    You can use the export (variables) entries from the agent install script you downloaded or copied to fill in the parameters required in the agent connect script.

15. When the script editing is complete, open a Bash console as an administrative (root) user on your non-Azure Linux machine and run the script.

16. The script tests connectivity to Azure endpoints and then requests you to sign in to https://microsoft.com/devicelogin and enter the supplied code to authenticate.

    

17. Open a Web browser and navigate to the address as directed, and paste or enter the code into the form and select Next to sign in.

18. On the Pick an account page, select your administrator account, and then select Next. Close browser tabs when complete.

19. In your Bash console, you should see an INFO Connected machine to Azure message.

20. Verify your non-Azure machine is connected to Azure Arc in the Azure portal by entering Arc in the Search resources, services, and docs search bar.

21. In Azure Arc, scroll down the left navigation menu to the Azure Arc resources section and select Machines. You should see your machine with an Arc agent Status of Connected.

    

    Note

    Select Refresh if the Linux machine isn't displayed.

22. The next task is to add your newly connected Azure Arc Linux server to your previously created Data Collection Rule for Syslog.

23. In the Azure portal, enter DCR in the Search resources, services, and docs search bar.

24. Select your Syslog Data Collection Rule

25. In your Data Collection Rule, scroll down the left menu to the Configuration section and select Resources.

26. In Resources select + Add

27. In the Select a scope page, expand the Scope column until your Server - Azure Arc Resource type newly connected Linux machine is displayed.

28. Select the Linux Azure Arc machine and select Apply

29. The Linux Azure Arc VM is now included as one of the Data Collection Rule Resources.