Connect your Cisco Unified Computing System (UCS) to Azure Sentinel


Important

The Cisco UCS connector is currently in preview. The Additional Terms of Use for Microsoft Azure Previews contain additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released for general availability.

This article explains how to connect your Cisco Unified Computing System (UCS) appliance to Azure Sentinel. The Cisco UCS data connector makes it easy to connect your UCS logs to Azure Sentinel so that you can view the data in workbooks, use it as a basis for custom alerts, and improve investigation. The integration between Cisco UCS and Azure Sentinel uses syslog.

Note

Data is stored in the geographic location of the workspace in which you run Azure Sentinel.

Requirements

  • You need read and write permissions to the Azure Sentinel workspace.

  • Your Cisco UCS solution must be configured to export logs via syslog.

Forwarding Cisco UCS logs to the syslog agent

Configure Cisco UCS to route syslog messages to your Azure Sentinel workspace through the syslog agent.

  1. In the Azure Sentinel navigation menu, select Data connectors.

  2. In the Data connectors catalog, select the Cisco UCS (preview) connector, and then select Open connector page.

  3. Follow the instructions on the Cisco UCS connector page:

    1. Install and onboard the Agent for Linux

      • Select an Azure Linux VM or a non-Azure Linux machine (physical or virtual).
    2. Configure the logs to be collected

      • Select the facilities and severity levels in the configuration of the workspace agents.
    3. Configure and connect Cisco UCS

      • Follow these instructions to configure Cisco UCS to forward to syslog. For the remote server, use the IP address of the Linux computer on which you installed the Linux agent.

Finding data

After you have established a connection, the data is displayed in Log Analytics under "Syslog".

You can find some helpful sample queries on the Next Steps tab of the connector page.

Check connectivity

It can take up to 20 minutes for your logs to appear in Log Analytics.
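
If logs still do not appear, one thing to check is whether the facility and severity of the messages UCS sends fall inside what was selected in the workspace agent configuration. The following is an added example, not part of the original article or of any Microsoft or Cisco tooling: it decodes the `<PRI>` prefix of raw syslog lines (for example from a packet capture on the agent machine) and compares it with a selection. The `SELECTION` contents, the host name `ucs-fi-a` and the sample lines are constructed assumptions.

```python
import re

# Facility and severity names indexed by their numeric syslog codes (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from the <PRI> prefix, or None if missing or out of range."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def would_collect(line, selection):
    """True if the line's facility/severity pair is in the selection.

    selection maps facility name -> set of severity names.
    Lines without a valid PRI are reported as not matched.
    """
    decoded = decode_pri(line)
    if decoded is None:
        return False
    facility, severity = decoded
    return severity in selection.get(facility, set())

# Hypothetical selection standing in for what is ticked in the workspace agent configuration.
SELECTION = {"local7": {"emerg", "alert", "crit", "err", "warning"}, "auth": set(SEVERITIES)}

# Constructed sample lines (not real UCS output).
SAMPLES = [
    "<187>Jan 12 10:15:02 ucs-fi-a constructed: link down on port 1/1",  # local7.err
    "<190>Jan 12 10:15:05 ucs-fi-a constructed: user session created",   # local7.info
    "<38>Jan 12 10:15:09 ucs-fi-a constructed: login accepted",          # auth.info
]

def report(samples=SAMPLES, selection=SELECTION):
    """Return one (decoded_pri, matched) tuple per sample line."""
    return [(decode_pri(s), would_collect(s, selection)) for s in samples]

if __name__ == "__main__":
    for (decoded, keep), line in zip(report(), SAMPLES):
        print("collect" if keep else "drop   ", decoded, line)
```

A line reported as `drop` here reached the agent machine but carries a facility or severity outside the selection, which points at the selection rather than at network connectivity.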

Next Steps

This document described how to connect Cisco UCS to Azure Sentinel. For more information about Azure Sentinel, see the following articles: