High Level Steps to Create a Syslog Server for Azure OMS (Log Analytics)


This post is a collection of TechNet articles and third-party blog posts that my colleague John Dandelis followed to create a Linux syslog server for monitoring network devices with Operations Management Suite (OMS). It's not a complete step-by-step guide, but it is very useful as a reference.


-Install Ubuntu server VM.

Use any Bash shell to connect to the Ubuntu server. (http://win-bash.sourceforge.net/)

To install a Bash shell on Windows 10: from Settings–>Update & Security–>For developers, enable Developer mode. Then from Add/Remove Windows components (Windows Features) add Windows Subsystem for Linux.


-Connect to the Ubuntu server: ssh <syslog username>@<syslogIP>


-Set up rsyslog on Ubuntu



Edit the rsyslog.conf file (in vim, press “Insert” to enter insert mode; press “Esc” to return to command mode, then type “:q” to quit, “:wq” to save and quit, or “:q!” to quit without saving):

sudo vim /etc/rsyslog.conf


Uncomment the following lines (remove the # sign) so that rsyslog loads the UDP input module and listens on port 514:

#$ModLoad imudp

#$UDPServerRun 514


-Create a template for log receipt


$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"

*.* ?RemoteLogs


(The $template RemoteLogs directive (the “RemoteLogs” string can be changed to any other descriptive name) tells the rsyslog daemon to write log messages to separate local log files under /var/log/, where the directory and file names are derived from the hostname of the remote sending machine and the name of the remote application that generated the message. The second line (“*.* ?RemoteLogs”) applies the RemoteLogs template to all received logs, every facility and every severity.)
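To see what the RemoteLogs template actually does with a received message, here is an added example (not from the original post or any of the linked articles) that parses classic RFC 3164 syslog lines, works out facility and severity from the PRI field (local0 for the switch in the sample), and resolves the file path the template would produce. Because both HOSTNAME and PROGRAMNAME are supplied by the remote device, it also neutralises slashes and leading dots before building the path; rsyslog's own secpath-replace property option exists for the same reason. The sample messages are constructed.

```python
import re
from pathlib import PurePosixPath

# RFC 3164 facility and severity names; local0 (16) is the facility the post collects.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Classic BSD syslog line: <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")

def safe_component(value: str) -> str:
    """HOSTNAME and PROGRAMNAME come from the remote device, so anything that could act
    as a path separator or a hidden/relative name is neutralised before building a path
    (rsyslog's secpath-replace template option serves the same purpose)."""
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", value)
    if not cleaned or cleaned.startswith("."):
        cleaned = "_" + cleaned
    return cleaned

def parse_syslog(line: str, logroot: str = "/var/log") -> dict:
    """Parse one message and resolve the file the RemoteLogs template would write it to."""
    m = RFC3164.match(line)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % line)
    facility, severity = divmod(int(m.group("pri")), 8)
    if facility >= len(FACILITIES):
        raise ValueError("PRI out of range in: %r" % line)
    host, prog = safe_component(m.group("host")), safe_component(m.group("tag"))
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "hostname": host, "program": prog, "message": m.group("msg"),
            "path": str(PurePosixPath(logroot) / host / (prog + ".log"))}

def collected(record: dict, facilities=("local0",)) -> bool:
    """Only facilities enabled under Settings -> Data -> Syslog reach Log Analytics."""
    return record["facility"] in facilities

# Constructed sample messages: one from a switch using local0, one with a hostile hostname.
SAMPLES = [
    "<134>Jan  5 10:22:01 core-sw01 sshd[1234]: Accepted publickey for ops from 10.0.0.5",
    "<11>Feb 14 09:00:00 ../../etc cron: test",
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_syslog(line)
        print(rec["facility"], rec["severity"], rec["path"], "forwarded" if collected(rec) else "dropped")
```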


-Restart the rsyslog service

sudo service rsyslog restart


Install the OMS Agent from OMS–>Overview–>Settings–>Connected Sources–>Linux Servers

Copy the “DOWNLOAD AND ONBOARD AGENT FOR LINUX” field and paste it into the Ubuntu Bash shell.


Add the syslog facilities to collect from Overview–>Settings–>Data–>Syslog

local0, or whatever facility the devices you collect logs from use.


Show the most recent logs (follow the local syslog file):

tail -f /var/log/syslog



Useful sites:

Create syslog in Ubuntu Server

Setting up SysLog Server on Ubuntu – BlogBT.net

Setting up a syslog server on ubuntu for easy troubleshooting and log keeping

Ubuntu 14.04 Syslog Server


VIM Editor:


Hit the Esc key; vim goes into command mode. Then you can type

  • :q to quit (short for :quit)
  • :q! to quit without saving (short for :quit!)
  • :wq to write and quit (think write and quit)
  • :wq! to write and quit even if the file has only read permission (if the file does not have write permission: force write)
  • :x to write and quit (similar to :wq, but won’t write if there are no changes)
  • :qa to quit all (short for :quitall)


OMS Agent for Linux

Install Azure Power Shell

Install Agent For log analytics
