a docker image containing omsagent that will be used to send logs to Log Analytics, and rsyslog configured to send Common Event Formatted messages to CommonSecurityLogs.
To connect your external appliance to Azure Sentinel, an agent must be deployed on a dedicated machine (VM or on premises) to support the communication between the appliance and Azure Sentinel. You can deploy the agent automatically or manually. Automatic deployment is only available if your dedicated machine is a new VM you are creating in Azure....
With the convenience of running a simple container image you can deploy the 'syslog agent' within minutes.
- Start the OMS container:
$>sudo docker run -d -e WSID="your workspace id" -e KEY="your key" -p 514:514/tcp -p 514:514/udp --restart=always meauris/syslogoms
Once you're set up, we'd like you to try the following scenarios and play around with the system.