I am working with Azure Log Analytics to push syslogs from Linux Vm to Azure. I created a new Log Analytics workspace, connected a RHEL 6.10 VM with it and then configured the data sources to Syslog and some common performance counters. But I don't see any data being collected from my VM to ALA.
The only problem which I suspect is configuration of the NSG rules on the subnet of which this VM is part of. I created the NSG with outbound rules as following.
- Created a rule named “DenyInternet” which denies all internet access with following parameters
Source - *
Destination - Service Tag\
Service tag - Internet
Destination port range - *
Protocol - “any”
Action - Deny
Priority - 4000
- Created another outbound rule which allows connectivity to Azure Storage with following parameters
Source - *
Destination - Service Tag
Destination service tag - “Storage”
Destination port range - *
Protocol - “any”
Action - allow
Priority - 100
- Create third outbound rule which allows connectivity to Azure Log Analytics with following parameters
Source - *
Destination - Service Tag
Destination service tag - AzureMonitor
Destination port range - *
Protocol - “any”
Action - allow
Priority - 110
So as per the above rules applied on the NSG it should Deny all Internet access but should allow access to Storage and Azure Log Analytics, but still I believe logs are not being pushed to ALA workspace.
