The Azure team has recently released the Azure Diagnostics extension for Linux VMs. If you use Azure Diagnostics, Operations Management Suite can ingest syslog data from storage accounts configured to store your diagnostics data. As of the publication of this blog post, OMS can ingest all logs routed through syslog or RsyslogD.
We’d like to share a high level view of how your data travels to OMS:
To enable this functionality, follow the steps below:
1. Enable Azure Diagnostics for your Linux machines
2. In the Classic Azure Portal find your Operational Insights workspace.
Note: If you can’t find your OMS workspace here, it means you haven’t linked your workspace to your Azure Subscription – follow the steps to link workspaces here
3. Select this workspace and click on the STORAGE tab.
4. Click ADD in the task bar at the bottom and select the storage account that contains your diagnostics data.
5. Select the DATA TYPE you’d like to pull from the storage account. At the moment, the only Linux log collection we support is Syslog (Linux)
6. Select the table to read from. For Syslog (Linux) your only choice is LinuxsyslogVer2v0.
7. Click the checkbox
That’s it! In 5 to 15 minutes you will start to see any new logs written to this table in your OMS workspace. Just search for Type=Syslog in the Log Search feature of OMS.
If you are not seeing your logs, or are having any other issues, please email us at firstname.lastname@example.org – We are here to help. 🙂