Summary and resources
You should have learned how to send Syslog log data to the Microsoft Sentinel workspace using the provided data connector.
You should now be able to:
- Describe the Azure Monitor Agent Data Collection Rule (DCR) for Syslog
- Run the Azure Arc Linux deployment and connection scripts
- Install and configure the Azure Monitor Linux Agent extension with the Syslog DCR
- Verify Syslog log data is available in Microsoft Sentinel
- Create a parser using KQL in Microsoft Sentinel
Learn more
You can learn more by reviewing the following.
Collect Syslog events with Azure Monitor Agent