
Rsyslog now includes a new output module that enables direct integration with Azure Monitor using the Logs Ingestion API.
This allows syslog data to be sent directly to Azure Monitor or Microsoft Sentinel without requiring the Azure Monitor Agent (AMA), which traditionally acts as an intermediary for collecting and forwarding logs.
Key Benefits
- No additional agent required, reducing system complexity
- Direct data transmission to Azure Monitor
- Flexible log processing using rsyslog’s filtering and transformation capabilities
- Suitable for centralized log collection and SIEM scenarios
Summary
The new module simplifies Azure Monitor integration by removing intermediate components and leveraging a direct API-based approach. It provides a straightforward option for environments where rsyslog is already used as the central logging component.
For full technical details and background, see the original announcement:
👉 https://www.rsyslog.com/rsyslog-gains-native-azure-monitor-logs-ingestion-support/