Generally Available: Collect Syslog from AKS nodes using Azure Monitor Container Insights
Published date: November 20, 2023
The ability to collect Syslog from Linux-based host nodes in AKS is now generally available. The GA release comes with reliability improvements, an out-of-box dashboard in Azure Managed Grafana, and the ability to send Syslog data to Microsoft Sentinel.
Syslog is a widely used message logging standard supported by many kinds of devices, including servers, virtual machines, routers, and network appliances. Enterprises commonly rely on syslog to collect logs from on-premises and IaaS workloads. Customers can now collect Syslog from their AKS clusters using Azure Monitor Container Insights. Combined with a SIEM (Microsoft Sentinel) and observability tooling (Azure Monitor), syslog collection enables security monitoring and troubleshooting for AKS clusters.
IMPORTANT NOTE: Because of slower rollouts toward year end, the agent version containing the GA changes will not be available in all regions until January 2024. Agent versions 3.1.16 and above include the Syslog GA changes. Please check the agent version before enabling Syslog collection in production.