Integrating Sentinel Syslog AMA with Secret Server

Syslog is a standard protocol used for sending and receiving log messages in a network. It is commonly employed in Unix and Unix-like systems, but it's also supported on other platforms such as Windows. Syslog allows various devices, applications, and systems to generate log messages and send them to a central logging server or collector for storage, analysis, and monitoring. For more information on setting up logs in Secret Server, click here.

This integration works only with Secret Server Cloud.

Prerequisites

  • Microsoft Sentinel solution enabled: Syslog

  • Your Azure account must have the following roles and permissions:

    | Built-in role | Scope | Permission |
    |---|---|---|
    | Virtual Machine Contributor; Azure Connected Machine Resource Administrator | Virtual machines; Virtual Machine Scale Sets; Azure Arc-enabled servers | To deploy the agent |
    | Any role that includes the action Microsoft.Resources/deployments/* | Subscription; Resource group; Existing data collection rule | To deploy Azure Resource Manager templates |
    | Monitoring Contributor | Subscription; Resource group; Existing data collection rule | To create or edit data collection rules |
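
The prerequisite "any role that includes the action Microsoft.Resources/deployments/*" can be checked offline against exported role definitions. The following is an added example, not code from the original page or from the vendors it describes. The field names (`roleName`, `permissions`, `actions`, `notActions`) assume the JSON shape printed by `az role definition list`, the case-insensitive comparison is an assumption, and the sample roles are constructed.

```python
import re
from functools import lru_cache
REQUIRED = "Microsoft.Resources/deployments/*"  # from the prerequisites above

def covers(granted, required):
    """True if every operation matched by `required` is also matched by `granted`."""
    # '*' in `granted` becomes '.*'; a literal '*' in `required` can only match that.
    pattern = ".*".join(re.escape(part) for part in granted.split("*"))
    return re.fullmatch(pattern, required) is not None

def overlaps(a, b):
    """True if at least one operation name matches both wildcard patterns."""
    @lru_cache(maxsize=None)
    def go(i, j):
        if i == len(a) and j == len(b):
            return True
        if i < len(a) and a[i] == "*":  # star matches nothing, or absorbs one symbol of b
            return go(i + 1, j) or (j < len(b) and go(i, j + 1))
        if j < len(b) and b[j] == "*":
            return go(i, j + 1) or (i < len(a) and go(i + 1, j))
        return i < len(a) and j < len(b) and a[i] == b[j] and go(i + 1, j + 1)
    return go(0, 0)

def role_includes(role, required=REQUIRED):
    """One Actions entry must cover `required`; no NotActions entry may remove part of it."""
    req = required.lower()  # assumption: action names compare case-insensitively
    for perm in role.get("permissions", []):
        actions = [a.lower() for a in perm.get("actions", [])]
        denied = [n.lower() for n in perm.get("notActions", [])]
        if any(covers(a, req) for a in actions) and not any(overlaps(n, req) for n in denied):
            return True
    return False

# Constructed sample definitions for illustration; these are not real built-in roles.
SAMPLE_ROLES = [
    {"roleName": "Template Deployer (constructed)",
     "permissions": [{"actions": ["Microsoft.Resources/deployments/*"], "notActions": []}]},
    {"roleName": "Broad Operator (constructed)",
     "permissions": [{"actions": ["*"], "notActions": ["Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "Read Only (constructed)",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "No Writes (constructed)",
     "permissions": [{"actions": ["microsoft.resources/*"], "notActions": ["*/write"]}]},
]

def qualifying_roles(roles):
    return [r["roleName"] for r in roles if role_includes(r)]

print(qualifying_roles(SAMPLE_ROLES))
```

The check is conservative: a role whose `notActions` removes even part of the deployments namespace, such as `*/write`, is reported as not qualifying, which is the safer answer when deciding whether a narrower custom role can replace a broad one.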

The following diagrams illustrate the architecture of Syslog message collection in Microsoft Sentinel, using the Syslog via AMA connectors.