This article covers how to configure Syslog to forward logs to the Azure Monitor Agent and on to Microsoft Sentinel. The author discusses common troubleshooting steps and how to manage disk space if Syslog logs start filling the disk. The article provides a one-liner from Microsoft that configures the Azure Monitor Agent on the machine and applies the configuration needed to forward logs.
The article shares a list of recommended log sources and the log categories that should be collected from the Syslog server for each. If you are collecting from services such as VMware, you should also add the user logs.
The author discusses how to check available space and clean up excessive logs if the disk is filling up with Syslog data. The steps are: check disk space, check the Azure Monitor Agent error logs, and remove unnecessary logs.
To free up disk space, large or unnecessary logs stored locally can be removed, since the goal is to forward them to Sentinel rather than keep them on the host. The article describes how to delete these logs.
If you encounter other issues and disk usage is not the culprit, you can run the agent's built-in troubleshooter to diagnose and resolve them. The article explains how to run the troubleshooter and how to disable and re-enable the Azure Monitor Agent when needed.
To stop Syslog from logging locally and have it forward logs directly to the Azure Monitor Agent (which forwards them to Sentinel), the article instructs you to edit the Syslog configuration and disable local log storage. After editing the configuration, the Syslog service must be restarted for the change to take effect.
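As an added example (not code from the article or from Microsoft), the following script performs the disk-space triage described above and then comments out rsyslog's local file rules so that messages are only forwarded to the Azure Monitor Agent. The AMA error-log path it reads is an assumption; confirm the agent's log directory on your own host.

```shell
#!/usr/bin/env bash
# Added example, not from the article: triage a forwarder whose disk is filling with
# local syslog files, then switch rsyslog to forward-only (AMA/Sentinel as the only sink).
# Assumed path (label): AMA error log at /var/opt/microsoft/azuremonitoragent/log/mdsd.err
set -u
AMA_ERR_LOG="${AMA_ERR_LOG:-/var/opt/microsoft/azuremonitoragent/log/mdsd.err}"
# Integer percent of the filesystem holding $1 that is in use.
disk_usage_pct() {
  df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}
# The $2 (default 10) largest regular files under $1, as "bytes path", biggest first.
largest_files() {
  find "$1" -type f -printf '%s %p\n' 2>/dev/null | sort -rn | head -n "${2:-10}"
}
# Last $1 lines of the AMA error log, or a note when the agent is not installed.
ama_recent_errors() {
  if [ -r "$AMA_ERR_LOG" ]; then tail -n "${1:-20}" "$AMA_ERR_LOG"; else echo "no $AMA_ERR_LOG"; fi
}
# Rotated archives (*.1, *.gz ...) are safe to delete: rsyslog no longer holds them open.
# The active file (e.g. /var/log/syslog) must be truncated instead (": > file"), because
# deleting an open file frees no space until rsyslog is restarted.
# Lists candidates on stderr, deletes them only when $2 is "delete", prints the count.
prune_rotated_logs() {
  local dir="$1" mode="${2:-dry-run}" found
  found=$(find "$dir" -type f \( -name '*.gz' -o -name '*.[0-9]' \) 2>/dev/null)
  [ -n "$found" ] && printf '%s\n' "$found" >&2
  if [ "$mode" = "delete" ] && [ -n "$found" ]; then
    printf '%s\n' "$found" | xargs -d '\n' rm -f --
  fi
  printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }'
}
# Comment out every uncommented rsyslog rule whose action writes under /var/log
# (e.g. "*.*;auth,authpriv.none  -/var/log/syslog"), leaving forwarding rules intact.
# Prints how many rules were disabled; then run "sudo systemctl restart rsyslog".
disable_local_file_actions() {
  local conf="$1" n
  n=$(grep -c '^[^#].*/var/log/' "$conf" || true)
  sed -i -E 's|^([^#].*/var/log/.*)$|# disabled, forwarded to AMA: \1|' "$conf"
  echo "$n"
}
# Read-only triage: "bash this.sh triage [/var/log]" (nothing is deleted or edited).
triage() {
  echo "disk usage: $(disk_usage_pct "$1")%"; largest_files "$1" 5; ama_recent_errors 10
  echo "rotated archives that could be removed: $(prune_rotated_logs "$1")"
}
case "${1:-}" in triage) triage "${2:-/var/log}" ;; esac
```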