articles/sentinel/connect-cef-syslog-ama.md
2 additions & 15 deletions
@@ -103,25 +103,12 @@ The setup process for the CEF via AMA connector has two parts:
103
103
104
104
---
105
105
106
-
107
-
108
106
### Install the AMA and create a Data Collection Rule (DCR)
109
107
110
-
# [Syslog](#tab/syslog)
111
-
112
108
You can perform this step in one of two ways:
113
-
- Deploy and configure the **Syslog via AMA** data connector in the [Microsoft Sentinel portal](?tabs=syslog%2Cportal#install-the-ama-and-create-a-data-collection-rule-dcr). With this setup, you can create, manage, and delete DCRs per workspace. The AMA will be installed automatically on the VMs you select in the connector configuration.
109
+
- Deploy and configure the **Syslog via AMA** or **Common Event Format (CEF) via AMA** data connector in the Microsoft Sentinel portal. With this setup, you can create, manage, and delete DCRs per workspace. The AMA will be installed automatically on the VMs you select in the connector configuration.
114
110
**—OR—**
115
-
- Send HTTP requests to the [Logs Ingestion API](?tabs=syslog%2Capi#install-the-ama-and-create-a-data-collection-rule-dcr). With this setup, you can create, manage, and delete DCRs. This option is more flexible than the portal. For example, with the API, you can filter by specific log levels, where with the UI, you can only select a minimum log level. The downside is that you have to manually install the Azure Monitor Agent on the log forwarder before creating a DCR.
116
-
117
-
# [CEF](#tab/cef)
118
-
119
-
You can perform this step in one of two ways:
120
-
- Deploy and configure the **Common Event Format (CEF) via AMA** data connector in the [Microsoft Sentinel portal](?tabs=cef%2Cportal#install-the-ama-and-create-a-data-collection-rule-dcr). With this setup, you can create, manage, and delete DCRs per workspace. The AMA will be installed automatically on the VMs you select in the connector configuration.
121
-
**—OR—**
122
-
- Send HTTP requests to the [Logs Ingestion API](?tabs=cef%2Capi#install-the-ama-and-create-a-data-collection-rule-dcr). With this setup, you can create, manage, and delete DCRs. This option is more flexible than the portal. For example, with the API, you can filter by specific log levels, where with the UI, you can only select a minimum log level. The downside is that you have to manually install the Azure Monitor Agent on the log forwarder before creating a DCR.
123
-
124
-
---
111
+
- Send HTTP requests to the Logs Ingestion API. With this setup, you can create, manage, and delete DCRs. This option is more flexible than the portal. For example, with the API, you can filter by specific log levels, where with the UI, you can only select a minimum log level. The downside is that you have to manually install the Azure Monitor Agent on the log forwarder before creating a DCR.
125
112
126
113
Select the appropriate tab below to see the instructions for each way.
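Review bot: The merged bullets at new lines 109 and 111 drop the links on "Microsoft Sentinel portal" and "Logs Ingestion API" instead of retargeting them, so the only navigation left is the "Select the appropriate tab below" sentence. Consider keeping both links with the tab parameter reduced to the selector that still exists (portal or api), and check the rest of the file for other `?tabs=syslog%2C` or `?tabs=cef%2C` anchors, since those stop resolving once the `#tab/syslog` and `#tab/cef` headers are removed. While line 111 is being touched, "where with the UI" reads better as "whereas with the UI".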