High Level Steps to Create a Syslog Server for Azure OMS (Log Analytics)
This post is a gathering of TechNet articles and 3rd party blog posts that my college John Dandelis followed to create a linux Syslog server in order to monitor network devices on Operations Management Suite (OMS). Its not a complete step-by-step guide but it is very useful as a reference.
-Install Ubuntu server VM.
Use any Bash Shell to connect to Ubuntu Server. (http://win-bash.sourceforge.net/)
To install Bash shell in windows 10: From updates and security enable for developers, developer mode. From add remove windows components add windows subsystem for Linux.
-Connect to Ubuntu server: ssh <syslog username>@<syslogIP>
-Setup Ubuntu Syslog
Edit rsyslog.conf file: (to edit press “insert”. To quit press “esc” and type “:q” to quit, “:wq” to save and quit, “:q!” to quit without saving )
sudo vim /etc/rsyslog.conf
Uncomment Lines (remove # sign):
-Create a templatefor log receipt
Add Lines Before GLOBAL DIRECTIVES
$template RemoteLogs,”/var/log/%HOSTNAME%/%PROGRAMNAME%.log” *
(The $template RemoteLogs directive (“RemoteLogs” string can be changed to any other descriptive name) forces rsyslog daemon to write log messages to separate local log files in /var/log/, where log file names are defined based on the hostname of the remote sending machine as well as the remote application that generated the logs. The second line (“*.* ?RemoteLogs”) implies that we apply RemoteLogs template to all received logs.)
-Restart syslog service
sudo service rsyslog restart
Install OMS Agent from OMS–>Overview–>Settings–>Connected Sources–>Linux Servers
Copy the “DOWNLOAD AND ONBOARD AGENT FOR LINUX” field and paste into Ubuntu Bash.
Add Syslog Facilities from Overview–>Settings–>Data–>Syslog
local0 or whatever is the device facility you collect logs from.
Show Most Recent Logs
tail -f /var/log/syslog
Create syslog in Ubuntu Server
Setting up SysLog Server on Ubuntu – BlogBT.net
Setting up a syslog server on ubuntu for easy troubleshooting and log keeping
Hit the Esc key; vim goes into command mode. Then you can type
- :qto quit (short for :quit)
- :q!to quit without saving (short for :quit!)
- :wqto write and quit (think write and quit)
- :wq!to write and quit even if file has only read permission (if file does not have write permission: force write)
- :xto write and quit (similar to :wq, but won’t write if there are no changes)
- :qato quit all (short for :quitall)
OMS Agent for Linux
Install Azure Power Shell
Install Agent For log analytics
Pantelis Apostolidis is a Cloud Solutions Architect at Microsoft and an ex Microsoft Azure MVP. For the last 15 years, Pantelis has been involved to major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He is entitled to a lot of Microsoft Expert Certifications, demonstrating his proven experience in delivering high quality solutions. He is an author, blogger and he is acting as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.