Update unified-connector-syslog-device.md

guywi-ms · guywi-ms · commit 82f5c5c93759 · 2025-06-25T11:59:42.000+03:00
diff --git a/articles/sentinel/unified-connector-syslog-device.md b/articles/sentinel/unified-connector-syslog-device.md
@@ -90,7 +90,8 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.
 2. Specify **Syslog action name**.
 3. Set IP address of remote Syslog server and port.
 4. Set **Transport type** as **TCP** or **UDP** depending on your remote syslog server configuration.
-5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).
+
+For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).
 
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
@@ -249,7 +250,7 @@ Complete the following steps.
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 > 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **PulseConnectSecure**. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **PulseConnectSecure**. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## RSA SecurID
 
@@ -261,7 +262,7 @@ Complete the following steps to get RSA® SecurID Authentication Manager logs in
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **RSASecurIDAMEvent**. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **RSASecurIDAMEvent**. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 This data connector was developed using RSA SecurID Authentication Manager version: 8.4 and 8.5
 
@@ -274,7 +275,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SophosXGFirewall**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SophosXGFirewall**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 
 ## Symantec Endpoint Protection
@@ -286,7 +287,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecEndpointProtection**. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecEndpointProtection**. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## Symantec ProxySG
 
@@ -307,7 +308,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 > 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecProxySG**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecProxySG**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## Symantec VIP
 
@@ -318,7 +319,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## VMware ESXi
 
@@ -333,7 +334,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## WatchGuard Firebox
 

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,8 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.`
`90`	`90`	`2. Specify Syslog action name.`
`91`	`91`	`3. Set IP address of remote Syslog server and port.`
`92`	`92`	`4. Set Transport type as TCP or UDP depending on your remote syslog server configuration.`
`93`		`-5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).`
	`93`	`+`
	`94`	`+For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).`
`94`	`95`
`95`	`96`	`> [!NOTE]`
`96`	`97`	> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CitrixADCEvent. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`@@ -249,7 +250,7 @@ Complete the following steps.`
`249`	`250`	`>`
`250`	`251`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`251`	`252`	`>`
`252`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias PulseConnectSecure. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.`
	`253`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias PulseConnectSecure. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`253`	`254`
`254`	`255`	`## RSA SecurID`
`255`	`256`
`@@ -261,7 +262,7 @@ Complete the following steps to get RSA® SecurID Authentication Manager logs in`
`261`	`262`	`>`
`262`	`263`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`263`	`264`	`>`
`264`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias RSASecurIDAMEvent. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.`
	`265`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias RSASecurIDAMEvent. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`265`	`266`
`266`	`267`	`This data connector was developed using RSA SecurID Authentication Manager version: 8.4 and 8.5`
`267`	`268`
`@@ -274,7 +275,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`274`	`275`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`275`	`276`	`>`
`276`	`277`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`277`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SophosXGFirewall. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.`
	`278`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SophosXGFirewall. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`278`	`279`
`279`	`280`
`280`	`281`	`## Symantec Endpoint Protection`
`@@ -286,7 +287,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`286`	`287`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`287`	`288`	`>`
`288`	`289`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`289`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecEndpointProtection. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.`
	`290`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecEndpointProtection. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`290`	`291`
`291`	`292`	`## Symantec ProxySG`
`292`	`293`
`@@ -307,7 +308,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`307`	`308`	`>`
`308`	`309`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`309`	`310`	`>`
`310`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecProxySG. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.`
	`311`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecProxySG. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`311`	`312`
`312`	`313`	`## Symantec VIP`
`313`	`314`
`@@ -318,7 +319,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`318`	`319`	`>`
`319`	`320`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`320`	`321`	`>`
`321`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecVIP. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update.`
	`322`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecVIP. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`322`	`323`
`323`	`324`	`## VMware ESXi`
`324`	`325`
`@@ -333,7 +334,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`333`	`334`	`>`
`334`	`335`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`335`	`336`	`>`
`336`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.`
	`337`	+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update. Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.
`337`	`338`
`338`	`339`	`## WatchGuard Firebox`
`339`	`340`