Integrating Sentinel Syslog AMA with Secret Server
Syslog is a standard protocol used for sending and receiving log messages in a network. It is commonly employed in Unix and Unix-like systems, but it's also supported on other platforms such as Windows. Syslog allows various devices, applications, and systems to generate log messages and send them to a central logging server or collector for storage, analysis, and monitoring. For more information on setting up logs in Secret Server, click here.
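To make the log format concrete, here is an added example (not code from the original page, and not Secret Server or Microsoft code) that parses one syslog line in the RFC 5424 layout that a collector such as the Azure Monitor Agent forwards: it decodes the PRI field into facility and severity, separates structured data from the free-text message, and applies a severity threshold of the kind an analytics rule would use. The sample line, the host and application names, the `AUDIT` message id and the "warning or worse" threshold are all constructed assumptions for illustration, not real Secret Server output.

```python
import re
from dataclasses import dataclass

# Facility and severity names from RFC 5424 section 6.2.1; PRI = facility * 8 + severity.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) ?(?P<rest>.*)$",
    re.DOTALL,
)


@dataclass
class SyslogEvent:
    facility: str
    severity: str
    timestamp: str
    hostname: str
    appname: str
    procid: str
    msgid: str
    structured_data: str
    message: str


def _split_structured_data(rest: str) -> tuple[str, str]:
    """Split the tail of a line into STRUCTURED-DATA and MSG.

    SD is either the NILVALUE "-" or one or more "[...]" elements; a "]" inside
    a parameter value is escaped as "\\]", so the scan skips escaped characters.
    """
    if rest.startswith("-"):
        return "-", rest[1:].lstrip()
    i = 0
    while i < len(rest) and rest[i] == "[":
        j = i + 1
        while j < len(rest) and rest[j] != "]":
            j += 2 if rest[j] == "\\" else 1
        if j >= len(rest):
            raise ValueError("unterminated structured-data element")
        i = j + 1
    return rest[:i], rest[i:].lstrip()


def parse_rfc5424(line: str) -> SyslogEvent:
    """Parse one RFC 5424 syslog line into its components, decoding PRI."""
    m = HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    sd, msg = _split_structured_data(m.group("rest"))
    return SyslogEvent(
        facility=FACILITIES[facility],
        severity=SEVERITIES[severity],
        timestamp=m.group("timestamp"),
        hostname=m.group("hostname"),
        appname=m.group("appname"),
        procid=m.group("procid"),
        msgid=m.group("msgid"),
        structured_data=sd,
        message=msg,
    )


def needs_attention(event: SyslogEvent) -> bool:
    """True for severity warning (4) or worse; the threshold is an assumed example value."""
    return SEVERITIES.index(event.severity) <= SEVERITIES.index("warning")


# Constructed sample line (not real Secret Server output): PRI 86 = authpriv(10) * 8 + info(6).
SAMPLE = ('<86>1 2024-05-01T12:00:00Z secretserver01 SecretServer - AUDIT '
          '[meta seq="42"] Secret 1234 viewed by user jdoe')

if __name__ == "__main__":
    ev = parse_rfc5424(SAMPLE)
    print(ev)
    print("alert:", needs_attention(ev))
```

The facility and severity decoded from PRI are what the Sentinel `Syslog` table exposes as separate columns, so a rule built on them only works if the sending side sets PRI deliberately rather than leaving a default such as `user.notice` on every event.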
Prerequisites
- Microsoft Sentinel solution enabled: Syslog
- Your Azure account must have the following roles and permissions:

Built-in role: Virtual Machine Contributor; Azure Connected Machine Resource Administrator
Scope:
- Virtual machines
- Virtual Machine Scale Sets
- Azure Arc-enabled servers
Permission: To deploy the agent

Built-in role: Any role that includes the action Microsoft.Resources/deployments/*
Scope:
- Subscription
- Resource group
- Existing data collection rule
Permission: To deploy Azure Resource Manager templates

Built-in role: Monitoring Contributor
Scope:
- Subscription
- Resource group
- Existing data collection rule
Permission: To create or edit data collection rules
The following diagrams illustrate the architecture of Syslog message collection in Microsoft Sentinel, using the Syslog via AMA connectors.