Azure Log Analytics Workspace: Configuring Data Source for Linux Virtual Machines | Microsoft Exam AZ-303

Configuring Data Source for Linux Virtual Machines

Question

You have an Azure subscription that contains an Azure Log Analytics workspace.

You have a resource group that contains 100 virtual machines. The virtual machines run Linux.

You need to collect events from the virtual machines to the Log Analytics workspace.

Which type of data source should you configure in the workspace?

Answers

Explanations


A

Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

To collect events from the Linux virtual machines to the Log Analytics workspace, you should configure the Syslog data source in the workspace. Syslog is a standard protocol used for forwarding system log messages from one device to another. Linux virtual machines can be configured to send their system log data to a Syslog server, which can then forward the data to the Log Analytics workspace.

Here's how you can configure Syslog as a data source in the Log Analytics workspace:

  1. In the Azure portal, navigate to the Log Analytics workspace that you want to configure.

  2. Click on the "Advanced settings" menu option in the left-hand pane.

  3. Click on the "Data sources" option.

  4. Click on the "Syslog" option.

  5. Provide the necessary details for configuring Syslog as a data source, such as the IP address of the Syslog server and the port number to use for forwarding log data.

  6. Save the configuration.

Once Syslog has been configured as a data source, you can configure the Linux virtual machines to send their system log data to the Syslog server. This can be done by modifying the Syslog configuration file on each virtual machine. The exact steps for doing this may vary depending on the Linux distribution and version that you are using, but they generally involve adding a new line to the configuration file that specifies the IP address and port number of the Syslog server.

For example, if the Syslog server has an IP address of 10.0.0.5 and is listening on port 514, you might add the following line to the Syslog configuration file:

```
*.* @10.0.0.5:514
```

This instructs the Linux virtual machine to forward all system log data to the Syslog server at the specified IP address and port number.
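To apply that line consistently across many virtual machines, here is an added shell helper (not part of the original page and not Microsoft tooling) that builds the forwarding rule with a port check and a UDP/TCP choice, writes it as an rsyslog drop-in, and offers a syntax check. The drop-in file name and the selectors are assumptions; 10.0.0.5:514 is the page's sample address.

```shell
#!/bin/sh
# Added example: generate and install an rsyslog forwarding rule of the kind
# shown above. Paths and selectors are assumptions, not from the page.

# rsyslog_forward_rule SELECTOR HOST PORT [PROTO] -> prints one rsyslog line
#   SELECTOR  classic facility.severity selector, e.g. '*.*' or 'auth,authpriv.*'
#   PROTO     udp -> single '@' (what the page shows, no delivery guarantee)
#             tcp -> '@@' (connection-oriented, messages are not silently dropped)
rsyslog_forward_rule() {
    selector=$1; host=$2; port=$3; proto=${4:-udp}
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1; }
    case $proto in
        udp) printf '%s @%s:%s\n' "$selector" "$host" "$port" ;;
        tcp) printf '%s @@%s:%s\n' "$selector" "$host" "$port" ;;
        *)   echo "proto must be udp or tcp: $proto" >&2; return 1 ;;
    esac
}

# install_forward_rule FILE SELECTOR HOST PORT [PROTO]
# Writes the rule as a drop-in; rsyslog reads /etc/rsyslog.d/*.conf by default
# on common distributions. Prints the file path on success.
install_forward_rule() {
    file=$1; shift
    rule=$(rsyslog_forward_rule "$@") || return 1
    printf '# forward to syslog collector (generated)\n%s\n' "$rule" > "$file" || return 1
    printf '%s\n' "$file"
}

# check_rsyslog_file FILE -> validates the drop-in with rsyslogd's own parser
# (-N1 is a config validation run, -f points it at this file only).
check_rsyslog_file() {
    command -v rsyslogd >/dev/null 2>&1 || { echo "rsyslogd not installed" >&2; return 1; }
    rsyslogd -N1 -f "$1" >/dev/null 2>&1
}

# Typical use on a VM (as root), followed by a daemon restart:
#   install_forward_rule /etc/rsyslog.d/90-forward.conf '*.*' 10.0.0.5 514 udp \
#     && check_rsyslog_file /etc/rsyslog.d/90-forward.conf \
#     && systemctl restart rsyslog
```

Prefer the tcp form on networks where dropped UDP datagrams would mean missing security events, and restrict the selector if only certain facilities should leave the machine.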

Once the Linux virtual machines have been configured to send their system log data to the Syslog server, the data will be forwarded to the Log Analytics workspace and can be analyzed using the various tools and features provided by the workspace. For example, you might create queries and visualizations to identify patterns and trends in the log data, or set up alerts to notify you when certain events or conditions occur.