Integrating Sentinel Syslog AMA with Secret Server

Syslog is a standard protocol for sending and receiving log messages over a network. It is most commonly used on Unix and Unix-like systems, but it is also supported on other platforms such as Windows. Syslog lets devices, applications, and systems generate log messages and send them to a central logging server or collector for storage, analysis, and monitoring. For details on setting up logging in Secret Server, see the Secret Server logging documentation.

Prerequisites

  • The Syslog solution must be enabled in Microsoft Sentinel.

  • Your Azure account must have the following roles and permissions:

    Built-in role: Virtual Machine Contributor, Azure Connected Machine Resource Administrator
    Scope: Virtual machines, Virtual Machine Scale Sets, Azure Arc-enabled servers
    Permission: To deploy the agent

    Built-in role: Any role that includes the action Microsoft.Resources/deployments/*
    Scope: Subscription, Resource group, Existing data collection rule
    Permission: To deploy Azure Resource Manager templates

    Built-in role: Monitoring Contributor
    Scope: Subscription, Resource group, Existing data collection rule
    Permission: To create or edit data collection rules
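The following is an added example, not code from this article, Delinea or Microsoft: a Python check that maps the three rows of the role table above onto a list of role assignments in the shape returned by `az role assignment list -o json`, so you can confirm before deployment that each required role is held at a scope that actually covers the target VM or data collection rule. The role definitions, assignments, resource names and subscription id are constructed for illustration; the model ignores NotActions, deny assignments and group-inherited assignments.

```python
from fnmatch import fnmatchcase
# Constructed, trimmed role definitions (Actions only; NotActions and deny
# assignments are ignored). Real ones come from `az role definition list`.
ROLE_ACTIONS = {
    "Virtual Machine Contributor": ["Microsoft.Compute/virtualMachines/*",
                                    "Microsoft.Resources/deployments/*"],
    "Monitoring Contributor": ["Microsoft.Insights/*"],
    "Reader": ["*/read"],
}
AGENT_DEPLOY_ROLES = {"Virtual Machine Contributor", "Azure Connected Machine Resource Administrator"}
# Operations a role must grant to count as including Microsoft.Resources/deployments/*.
DEPLOYMENT_OPS = ["Microsoft.Resources/deployments/read", "Microsoft.Resources/deployments/write"]

def scope_covers(assigned: str, target: str) -> bool:
    # RBAC inherits downward: a subscription or resource-group assignment applies to
    # every resource beneath it. Resource IDs compare case-insensitively.
    a, t = assigned.lower().rstrip("/"), target.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def role_grants(role: str, operation: str) -> bool:
    # Azure's '*' spans path segments; fnmatchcase's '*' does too ('/' is not special).
    return any(fnmatchcase(operation.lower(), pat.lower())
               for pat in ROLE_ACTIONS.get(role, []))

def check_prerequisites(assignments, vm_scope: str, dcr_scope: str) -> dict:
    # One entry per table row: True only if some assignment's role qualifies AND its
    # scope covers the target resource; the right role at the wrong scope fails.
    def satisfied(target, role_ok):
        return any(role_ok(a["roleDefinitionName"]) and scope_covers(a["scope"], target)
                   for a in assignments)
    return {
        "deploy_agent": satisfied(vm_scope, lambda r: r in AGENT_DEPLOY_ROLES),
        "deploy_arm_templates": satisfied(
            dcr_scope, lambda r: all(role_grants(r, op) for op in DEPLOYMENT_OPS)),
        "edit_dcr": satisfied(dcr_scope, lambda r: r == "Monitoring Contributor"),
    }

# Constructed sample in the shape of `az role assignment list -o json` (only the two
# keys used here); the subscription id is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = [
    {"roleDefinitionName": "Virtual Machine Contributor", "scope": SUB + "/resourceGroups/rg-secretserver"},
    {"roleDefinitionName": "Monitoring Contributor", "scope": SUB + "/resourceGroups/rg-sentinel"},
    {"roleDefinitionName": "Reader", "scope": SUB},
]
VM_SCOPE = SUB + "/resourceGroups/rg-secretserver/providers/Microsoft.Compute/virtualMachines/vm-syslog-fwd"
DCR_SCOPE = SUB + "/resourceGroups/rg-sentinel/providers/Microsoft.Insights/dataCollectionRules/dcr-syslog"
if __name__ == "__main__":
    for row, ok in check_prerequisites(SAMPLE_ASSIGNMENTS, VM_SCOPE, DCR_SCOPE).items():
        print(f"{row:22} {'OK' if ok else 'MISSING'}")
```

With the sample data the agent and DCR rows pass, but the ARM template row is reported as MISSING: Virtual Machine Contributor carries the deployments action, yet it is assigned on rg-secretserver while the data collection rule lives in rg-sentinel, and Reader at subscription scope only matches the read operation.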

The following diagrams illustrate the architecture of Syslog message collection in Microsoft Sentinel, using the Syslog via AMA connectors.