Documentation states the following:
Does Azure Monitor Agent support auditd logs on Linux or AUOMS?
Yes, but you need to onboard to Defender for Cloud (previously Azure Security Center). It's available as an extension to Azure Monitor Agent, which collects Linux auditd logs via AUOMS.
However, there are no further configuration steps clarified anywhere in MS docs that I have found that would help us configure auditd logging with the new AMA agent. This is a blocker for migration in some scenarios.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
ID: bd3dca2f-629d-36e9-f0f0-8c7e64cc04ab
Version Independent ID: f40ee991-6cb8-1eee-9a35-ebc5833d7c7f