This article has not been completed yet. However, it may already contain helpful information and has therefore been published at this stage.
First, the on-premises machine needs to be onboarded in Azure Arc.
You can read more about this in one of my earlier blog posts (see link).
Next, a data collection rule needs to be created.
At this stage, we only want messages from the user facility, so we set all other facilities to "none" and "LOG_USER" to "LOG_INFO".
Now you can choose the right logging destination. I assume that a Log Analytics workspace is already available.
Creating a Data Collection Rule triggers the installation of the Azure Monitor Agent (AMA) via the Arc agent (Azure Connected Machine Agent).
As a result, you will find a new Heartbeat table in your Log Analytics workspace.
This confirms that there is a connection between the newly deployed agent and Azure.
But how do we get syslog info now?
Again, I already created a blogpost where I discuss how to set up an rsyslog server (see link). So I won't go into more detail here.
In a nutshell, I just set up an rsyslog server that listens on port 514 (UDP and TCP) and only allows connections from 127.0.0.1 (localhost), in other words, from itself.
Then I simply sent a test message using the following command.
echo "<14>Test UDP syslog message" >> /dev/udp/127.0.0.1/514
Lastly, I tried to query the Syslog table, which should now be present.
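The <14> prefix in the test message is the syslog priority value, facility * 8 + severity, so 14 means facility user (1) at severity info (6), which is what the data collection rule above is set to collect. The following added example (not part of the original post) decodes that prefix and checks it against a simplified model of the rule's per-facility minimum level; the RULE dictionary, the function names and the sample messages are constructed for illustration.

```python
import re

# Syslog facility and severity names in numeric order (RFC 5424 codes).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) from the leading <PRI> of a syslog message."""
    match = PRI_RE.match(message)
    if not match:
        raise ValueError("no <PRI> prefix")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid priority value
        raise ValueError(f"PRI {pri} out of range")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def encode_pri(facility, severity):
    """Build the numeric PRI for a test message, e.g. user/info -> 14."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

# Assumed model of the rule in this post: only "user" is collected, with a
# minimum level of info. Facilities missing from the dict are set to "none".
RULE = {"user": "info"}

def is_collected(message, rule=RULE):
    """True if the message meets the facility's minimum level in the rule."""
    facility, severity = decode_pri(message)
    minimum = rule.get(facility)
    if minimum is None:
        return False
    # Lower severity number means more severe, so it passes the minimum.
    return SEVERITIES.index(severity) <= SEVERITIES.index(minimum)

if __name__ == "__main__":
    samples = [  # constructed sample messages
        "<14>Test UDP syslog message",  # user.info  -> collected
        "<15>user facility, debug",     # user.debug -> below the minimum
        "<11>user facility, error",     # user.err   -> collected
        "<38>auth facility, info",      # auth.info  -> facility set to none
    ]
    for line in samples:
        print(decode_pri(line), is_collected(line), line)
```

If a test message does not show up in the Syslog table, comparing its decoded facility and severity with the rule is a quick first check before looking at the agent or rsyslog.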