Feedback

limwainstein · limwainstein · commit 1d32fdceb8ce · 2023-04-04T10:26:37.000+03:00
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -745,6 +745,8 @@
           href: connect-cef-syslog.md
         - name: CEF over Syslog sources (legacy)
           href: connect-common-event-format.md
+        - name: Deploy a log forwarder (legacy)
+          href: connect-log-forwarder.md
         - name: Syslog (raw) sources (legacy)
           href: connect-syslog.md
       - name: DNS via AMA
@@ -770,9 +772,7 @@
     - name: Configure ingestion-time transformation
       href: configure-data-transformation.md
     - name: Configure RDP login detection
-      href: configure-connector-login-detection.md
-    - name: Deploy a log forwarder
-      href: connect-log-forwarder.md    
+      href: configure-connector-login-detection.md        
     - name: Create a custom connector
       href: create-custom-connector.md
     - name: Create a codeless connector
diff --git a/articles/sentinel/connect-cef-syslog-options.md b/articles/sentinel/connect-cef-syslog-options.md
@@ -14,10 +14,11 @@ In this article, you can find the relevant option for streaming and filtering lo
 
 ## Stream logs in the CEF and Syslog format to Microsoft Sentinel 
 
-|Scenario  |Options  |
-|---------|---------|
-|Are your logs in raw Syslog, in Common Event Format (CEF), or both?   |• **[CEF (with CEF AMA connector)](connect-cef-ama.md)**<br><br>• **Syslog**: To ingest logs over Syslog with the AMA, [create a DCR](../azure-monitor/essentials/data-collection-rule-structure.md), or for the full procedure, see [forward syslog data to Log Analytics using the AMA](forward-syslog-monitor-agent.md).<br><br>• **[CEF and Syslog](connect-cef-syslog.md)** |
-|Are you sending logs to Microsoft Sentinel directly from your device/appliance, or via a log forwarder?   |• To **[Send logs directly via CEF](connect-cef-ama.md)**, skip the Configure a log forwarder step.<br><br>• **[Send logs directly via Syslog](connect-syslog.md)**<br><br>• **[Configure a log forwarder](connect-log-forwarder.md)** |
+Depending on where your logs are located, select the article that's most relevant to your scenario:
+
+- **[CEF](connect-cef-ama.md)**: Stream CEF logs with the CEF AMA connector.
+- **Syslog**: To ingest logs over Syslog with the AMA, [create a DCR](../azure-monitor/essentials/data-collection-rule-structure.md), or for the full procedure, see [forward syslog data to Log Analytics using the AMA](forward-syslog-monitor-agent.md).
+- **[CEF and Syslog](connect-cef-syslog.md)**: Stream logs in both the CEF and Syslog format.
 
 ## Next steps
 
diff --git a/articles/sentinel/connect-cef-syslog.md b/articles/sentinel/connect-cef-syslog.md
@@ -33,7 +33,7 @@ Before you begin, verify that you have:
     - The Linux machine must have Python 2.7 or 3 installed on the Linux machine. Use the ``python --version`` or ``python3 --version`` command to check.
 - Either the `syslog-ng` or `rsyslog` daemon enabled.
 - To collect events from any system that isn't an Azure virtual machine, ensure that [Azure Arc](../azure-monitor/agents/azure-monitor-agent-manage.md) is installed.
-- To ingest Syslog and CEF logs into Microsoft Sentinel, you can designate and configure a Linux machine that collects the logs from your devices and forwards them to your Microsoft Sentinel workspace. [Configure a log forwarder](connect-cef-ama.md#configure-a-log-forwarder)
+- To ingest Syslog and CEF logs into Microsoft Sentinel, you can designate and configure a Linux machine that collects the logs from your devices and forwards them to your Microsoft Sentinel workspace. [Configure a log forwarder](connect-cef-ama.md#configure-a-log-forwarder).
 
 ## Avoid data ingestion duplication
 
