Update unified-connector-syslog-device.md

guywi-ms · guywi-ms · commit 4e994a318a40 · 2025-06-25T11:40:08.000+03:00
diff --git a/articles/sentinel/unified-connector-syslog-device.md b/articles/sentinel/unified-connector-syslog-device.md
@@ -14,12 +14,15 @@ ms.date: 06/27/2024
 
 # Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
 
-Log collection from many security appliances and devices  are supported by the **Syslog via AMA** data connector in Microsoft Sentinel. This article lists provider supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.
+The **Syslog via AMA** data connector in Microsoft Sentinel collects logs from many security appliances and devices. This article lists provider-supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.
 
 To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). As you complete those steps, install the **Syslog via AMA** data connector in Microsoft Sentinel. Then, use the appropriate provider's instructions in this article to complete the setup.
 
 For more information about the related Microsoft Sentinel solution for each of these appliances or devices, search the [Azure Marketplace](https://azuremarketplace.microsoft.com/) for the **Product Type** > **Solution Templates** or review the solution from the **Content hub** in Microsoft Sentinel.
 
+> [!IMPORTANT]
+> Solutions provided by third-party vendors might still reference a deprecated **Log Analytics agent** connector. These connectors are not supported for new deployments. You can continue to use the same solutions with the **Syslog via AMA** data connector instead.
+
 ## Barracuda CloudGen Firewall
 
 [Follow instructions](https://aka.ms/sentinel-barracudacloudfirewall-connector) to configure syslog streaming. Use the IP address or hostname for the Linux machine with the Microsoft Sentinel agent installed for the **Destination IP** address.
@@ -68,7 +71,7 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## Cisco Web Security Appliance (WSA)
 
@@ -90,7 +93,7 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.
 5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).
 
 > [!NOTE]
-> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update.
+> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 >
 > This parser requires a watchlist named `Sources_by_SourceType`.
 >
@@ -161,7 +164,7 @@ This data connector was developed using Forescout Syslog Plugin version: v3.6
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **Infoblox**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **Infoblox**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 > 
 > This parser requires a watchlist named **`Sources_by_SourceType`**.
 >

Original file line number	Diff line number	Diff line change
`@@ -14,12 +14,15 @@ ms.date: 06/27/2024`
`14`	`14`
`15`	`15`	`# Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion`
`16`	`16`
`17`		`-Log collection from many security appliances and devices are supported by the Syslog via AMA data connector in Microsoft Sentinel. This article lists provider supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.`
	`17`	`+The Syslog via AMA data connector in Microsoft Sentinel collects logs from many security appliances and devices. This article lists provider-supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.`
`18`	`18`
`19`	`19`	`To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). As you complete those steps, install the Syslog via AMA data connector in Microsoft Sentinel. Then, use the appropriate provider's instructions in this article to complete the setup.`
`20`	`20`
`21`	`21`	`For more information about the related Microsoft Sentinel solution for each of these appliances or devices, search the [Azure Marketplace](https://azuremarketplace.microsoft.com/) for the Product Type > Solution Templates or review the solution from the Content hub in Microsoft Sentinel.`
`22`	`22`
	`23`	`+> [!IMPORTANT]`
	`24`	`+> Solutions provided by third-party vendors might still reference a deprecated Log Analytics agent connector. These connectors are not supported for new deployments. You can continue to use the same solutions with the Syslog via AMA data connector instead.`
	`25`	`+`
`23`	`26`	`## Barracuda CloudGen Firewall`
`24`	`27`
`25`	`28`	`[Follow instructions](https://aka.ms/sentinel-barracudacloudfirewall-connector) to configure syslog streaming. Use the IP address or hostname for the Linux machine with the Microsoft Sentinel agent installed for the Destination IP address.`
`@@ -68,7 +71,7 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2`
`68`	`71`	`>`
`69`	`72`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`70`	`73`	`>`
`71`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CiscoUCS. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update.`
	`74`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CiscoUCS. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`72`	`75`
`73`	`76`	`## Cisco Web Security Appliance (WSA)`
`74`	`77`
`@@ -90,7 +93,7 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.`
`90`	`93`	`5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).`
`91`	`94`
`92`	`95`	`> [!NOTE]`
`93`		-> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CitrixADCEvent. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update.
	`96`	+> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CitrixADCEvent. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`94`	`97`	`>`
`95`	`98`	> This parser requires a watchlist named `Sources_by_SourceType`.
`96`	`99`	`>`
`@@ -161,7 +164,7 @@ This data connector was developed using Forescout Syslog Plugin version: v3.6`
`161`	`164`	`> [!NOTE]`
`162`	`165`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`163`	`166`	`>`
`164`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias Infoblox. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update.`
	`167`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias Infoblox. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`165`	`168`	`>`
`166`	`169`	> This parser requires a watchlist named `Sources_by_SourceType`.
`167`	`170`	`>`