High Level Steps to Create a Syslog Server for Azure OMS (Log Analytics)

This post is a gathering of TechNet articles and 3rd party blog posts that my college John Dandelis followed to create a linux Syslog server in order to monitor network devices on Operations Management Suite (OMS). Its not a complete step-by-step guide but it is very useful as a reference.

-Install Ubuntu server VM.
Use any Bash Shell to connect to Ubuntu Server. (http://win-bash.sourceforge.net/)
To install Bash shell in windows 10: From updates and security enable for developers, developer mode. From add remove windows components add windows subsystem for Linux.

-Connect to Ubuntu server: ssh <syslog username>@<syslogIP>

-Setup Ubuntu Syslog
https://msandbu.wordpress.com/2016/02/22/monitoring-syslog-from-oms-with-non-oms-agents/

Edit rsyslog.conf file: (to edit press “insert”. To quit press “esc” and type “:q” to quit, “:wq” to save and quit, “:q!” to quit without saving )
sudo vim /etc/rsyslog.conf

Uncomment Lines (remove # sign):
#$ModLoad imudp
#$UDPServerRun 514

-Create a templatefor log receipt
Add Lines Before GLOBAL DIRECTIVES
$template RemoteLogs,”/var/log/%HOSTNAME%/%PROGRAMNAME%.log” *
*,* ?RemoteLogs

(The $template RemoteLogs directive (“RemoteLogs” string can be changed to any other descriptive name) forces rsyslog daemon to write log messages to separate local log files in /var/log/, where log file names are defined based on the hostname of the remote sending machine as well as the remote application that generated the logs. The second line (“*.* ?RemoteLogs”) implies that we apply RemoteLogs template to all received logs.)

-Restart syslog service
sudo service rsyslog restart

Install OMS Agent from OMS–>Overview–>Settings–>Connected Sources–>Linux Servers
Copy the “DOWNLOAD AND ONBOARD AGENT FOR LINUX” field and paste into Ubuntu Bash.

Add Syslog Facilities from Overview–>Settings–>Data–>Syslog
local0 or whatever is the device facility you collect logs from.

Show Most Recent Logs
tail -f /var/log/syslog

Χρήσιμα Site:

Create syslog in Ubuntu Server
http://blogbt.net/index.php/2013/11/syslog-server-on-ubuntu/ </p>
Setting up SysLog Server on Ubuntu – BlogBT.net
blogbt.net<p>Setting up a syslog server on ubuntu for easy troubleshooting and log keeping

Ubuntu 14.04 Syslog Server

• :qto quit (short for :quit)
• :q!to quit without saving (short for :quit!)
• :wqto write and quit (think write and quit)
• :wq!to write and quit even if file has only read permission (if file does not have write permission: force write)
• :xto write and quit (similar to :wq, but won’t write if there are no changes)
• :qato quit all (short for :quitall)
  

OMS Agent for Linux
https://github.com/Microsoft/OMS-Agent-for-Linux/blob/master/installer/conf/omsagent.d/syslog.conf

https://blogs.technet.microsoft.com/msoms/2016/05/12/syslog-collection-in-operations-management-suite/

Install Azure Power Shell
https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps?view=azurermps-4.0.0

Install Agent For log analytics
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-linux-agents

The post High Level Steps to Create a Syslog Server for Azure OMS (Log Analytics) appeared first on Apostolidis IT Corner.

<a href="http://www.e-apostolidis.gr/microsoft/azure/high-level-steps-create-syslog-server-azure-oms-log-analytics/"class='bbc_url' rel='nofollow external'>Source</a>