Merge pull request #280368 from quillanogle/docs-editor/forward-syslog-monitor-agent-1720537624

Update forward-syslog-monitor-agent.md

Author: prmerger-automator[bot]

articles/sentinel/forward-syslog-monitor-agent.md

@@ -69,6 +69,15 @@ In Microsoft Sentinel or Azure Monitor, verify that Azure Monitor Agent is runni
 
 Verify that the VM that's collecting the log data allows reception on port 514 TCP or UDP depending on the Syslog source. Then configure the built-in Linux Syslog daemon on the VM to listen for Syslog messages from your devices. After you finish those steps, configure your Linux-based device to send logs to your VM.
 
+> [!NOTE]
+> If the firewall is running, a rule will need to be created to allow remote systems to reach the daemon’s syslog listener: `systemctl status firewalld.service`
+> 1. Add for tcp 514 (your zone/port/protocol may differ depending on your scenario)
+>      `firewall-cmd --zone=public --add-port=514/tcp --permanent`
+> 2. Add for udp 514 (your zone/port/protocol may differ depending on your scenario)
+>      `firewall-cmd --zone=public --add-port=514/udp --permanent`
+> 3. Restart the firewall service to ensure new rules take effect
+>      `systemctl restart firewalld.service`
+
 The following two sections cover how to add an inbound port rule for an Azure VM and configure the built-in Linux Syslog daemon.
 
 ### Allow inbound Syslog traffic on the VM