Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/DataConnectors/Syslog-VMSS-AMA
История
mariavaladas b5db7c133d
Update README.md 		2022-10-26 17:22:33 +02:00
..
README.md Update README.md 2022-10-26 17:22:33 +02:00
azureDeploy.json Update azureDeploy.json 2022-10-24 16:02:12 +02:00

README.md

Scalable Syslog collection using VMSS and Azure Monitor Agent

This ARM template will deploy an Ubuntu Virtual Machine Scale Set to forward Syslog to Microsoft Sentinel using Azure Monitor Agent (AMA). This has been built based on the previous solution we had for CEF with Log Analytics Agent (MMA) CEF-VMSS

The ARM template will deploy everything needed:

  • Virtual Machine Scale Set
  • Autoscale settings
  • Network Security Group
  • Virtual Network
  • Subnet
  • Public IP Address
  • Load Balancer
  • Data Collection Rule
  • Data Colection Rule association
  • Managed identity required for AMA to authenticate

The ARM template includes a cloud init to run the required to commands on the VM instances to enable syslog collection.

Deploy Ubuntu VMSS

Deploy to Azure Deploy to Azure Gov