Commit cb02d39

Attempt 1 on tabs
1 parent 580b380 commit cb02d39

1 file changed

+19
-8
lines changed

articles/sentinel/connect-cef-agent.md

Lines changed: 19 additions & 8 deletions
@@ -52,19 +52,30 @@ The following is a command-by-command description of the actions of the deployme
5252

5353
**Downloading and installing the Log Analytics agent:**
5454

55-
56-
|Action |Command |
57-
|--------------|-------------------|
58-
|Downloads the installation script for the Log Analytics (OMS) Linux agent|`wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh`|
59-
|Installs the Log Analytics agent|`sh onboard_agent.sh -w [workspaceID] -s [Primary Key] -d opinsights.azure.com`|
55+
1. Downloads the installation script for the Log Analytics (OMS) Linux agent<br>`wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh`
56+
57+
1. Installs the Log Analytics agent<br>`sh onboard_agent.sh -w [workspaceID] -s [Primary Key] -d opinsights.azure.com`
6058

6159
**Configuring the Syslog daemon:**
60+
61+
# [rsyslog daemon](#tab/rsyslog)
62+
63+
Content for rsyslog...
64+
65+
66+
# [syslog-ng daemon](#tab/syslogng)
67+
68+
Content for syslog-ng...
69+
70+
---
71+
6272
|Action |rsyslog daemon |syslog-ng daemon |
63-
|--------------|-------------------|-------------------|
73+
|--------------|------------------|-------------------|
6474
|Open port 514 for TCP communication<br>using syslog configuration file|`/etc/rsyslog.conf`|`/etc/syslog-ng/syslog-ng.conf`|
6575
|Configure the daemon to forward CEF messages<br>to the Log Analytics agent on localhost, on TCP port 25226, by inserting a special omsagent configuration file into the syslog daemon directory|`/etc/rsyslog.d/security-config-omsagent.conf`|`/etc/syslog-ng/conf.d/security-config-omsagent.conf`|
66-
|File contents:|`:rawmsg, regex, "CEF\|ASA" ~`<br>`*.* @@127.0.0.1:25226`|`filter f_oms_filter {match(\"CEF\|ASA\" ) ;};`<br>
67-
- syslog-ng:
76+
|File contents:|`:rawmsg, regex, "CEF\|ASA" ~`<br>`*.* @@127.0.0.1:25226`|`filter f_oms_filter {match(\"CEF\|ASA\" ) ;};`<br>`destination oms_destination {tcp(\"127.0.0.1\" port("25226"));};`<br>`log {source(s_src);filter(f_oms_filter);destination(oms_destination);};`|
77+
78+
6879

6980
## Next steps
7081
In this document, you learned how to deploy the Log Analytics agent to connect CEF appliances to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
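
Review bot: The two tab bodies added under **Configuring the Syslog daemon** are still placeholders (`Content for rsyslog...` and `Content for syslog-ng...`), while the real per-daemon paths and file contents stay in the three-column table after the `---` terminator, so the page would render empty tabs followed by the full table. Move each daemon's column into its own tab, or hold the tab headers back until that content is ready. In the completed syslog-ng cell the quoting is inconsistent: `tcp(\"127.0.0.1\" port("25226"))` escapes the quotes around the address but not around the port, and inside a code span the backslashes are shown literally, so a reader copying the line into `security-config-omsagent.conf` picks up `\"`; use plain quotes throughout that cell. While the install steps are being rewritten as list items, it is also worth stating in the text that the `wget` URL tracks `master` and that `-s [Primary Key]` puts the workspace key on the command line.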
