Update data-collection-syslog.md

Author: simathih

articles/azure-monitor/agents/data-collection-syslog.md

@@ -1,3 +1,4 @@
+
 ---
 title: Collect Syslog events with Azure Monitor Agent 
 description: Configure collection of Syslog events by using a data collection rule on virtual machines with Azure Monitor Agent.
@@ -199,6 +200,22 @@ log {
 	flags(flow-control);
 };
 ```
+>[!Note]
+>The following configuration is used when you use SELinux and we decide to use Unix sockets.
+```
+$ cat /etc/syslog-ng/conf.d/azuremonitoragent.conf 
+# Azure MDSD configuration: syslog forwarding config for mdsd agent options {}; 
+# during install time, we detect if s_src exist, if it does then we 
+# replace it by appropriate source name like in redhat 's_sys' 
+# Forwrding using unix domain socket 
+destination d_azure_mdsd { 
+unix-dgram("/run/azuremonitoragent/default_syslog.socket" 
+flags(no_multi_line) 
+); 
+}; 
+log {	source(s_src); # will be automatically parsed from /etc/syslog-ng/syslog-ng.conf 
+destination(d_azure_mdsd); }; 
+```
 
 >[!Note]
 > Azure Monitor supports collection of messages sent by rsyslog or syslog-ng, where rsyslog is the default daemon. The default Syslog daemon on version 5 of Red Hat Enterprise Linux, CentOS, and Oracle Linux version (sysklog) isn't supported for Syslog event collection. To collect Syslog data from this version of these distributions, the rsyslog daemon should be installed and configured to replace sysklog.