MEAPSA

Connect syslog data sources to Microsoft Sentinel

Learn about the Syslog connector's configuration options which will enable you to parse Syslog data.

Security Operations Analyst

Azure

Sentinel

Module Objectives

Upon completion of this module, the learner will be able to:

Describe the Syslog connector deployment options in Microsoft Sentinel
Run the connector deployment script to send data to Microsoft Sentinel
Configure the Log Analytics agent integration for Microsoft Sentinel
Create a parse using KQL in Microsoft Sentinel

Units

Introduction min
Plan for the syslog connector min
Collect data from Linux-based sources using syslog min
Configure the log analytics agent min
Parse syslog data with KQL min
Knowledge check min
Summary and resources min

Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting
Basic knowledge of Linux