Auditd logging needs clarification

[Mrkokoo]

Documentation states the following:

Does Azure Monitor Agent support auditd logs on Linux or AUOMS? Yes, but you need to onboard to Defender for Cloud (previously Azure Security Center). It's available as an extension to Azure Monitor Agent, which collects Linux auditd logs via AUOMS.

However there are no further configuration steps clarified anywhere in MS docs that I have found that would help us configure auditd logging with the new AMA agent. This is a blocker for migration in some scenarios.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: bd3dca2f-629d-36e9-f0f0-8c7e64cc04ab
• Version Independent ID: f40ee991-6cb8-1eee-9a35-ebc5833d7c7f
• Content: Azure Monitor Agent overview - Azure Monitor
• Content Source: articles/azure-monitor/agents/agents-overview.md
• Service: azure-monitor
• Sub-service: agents
• GitHub Login: @guywi-ms
• Microsoft Alias: guywild

[RamanathanChinnappan-MSFT]

@Mrkokoo Thanks for your feedback! We will investigate and update as appropriate.

[AbbyMSFT]

Opened internal work item to address this issue: https://dev.azure.com/msft-skilling/Content/_workitems/edit/261693

please-close