Exam AZ-305 topic 1 question 10 discussion

Correct answer - Windows : Event. Linux : Syslog

To design an alerting strategy for security-related events in Azure Monitor, you should query the following Azure Monitor Logs tables: 1. SecurityEvent - This table contains security events and other system events that are generated by Windows operating systems. The table includes information about the event, such as the event ID, event source, and severity level. 2. Syslog - This table contains security-related events and other system events that are generated by Linux and other Unix-based operating systems. The table includes information about the event, such as the facility and severity level.

Remember "Event Viewer" for Windows helps me every time.

CORRECT

The given answer is correct. Event: For Windows VMs, the Event table provides a structured and centralized way to collect and analyze system and application events. It’s essential for monitoring security events, such as unauthorized access attempts, system errors, and other critical events logged by the Windows Event Viewer. Syslog: For Linux VMs, Syslog provides a similar capability by capturing system and application logs. It is essential for monitoring Linux-specific events, ensuring that you can track security-related incidents like failed SSH login attempts or application-specific warnings and errors.

Correct Answer - Windows: Events For Windows logs, we'll need to query the Event table in Azure Monitor Logs. Windows event logs data are collected into the Event table when you use the Log Analytics agent. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events Correct Answer - Linux: Syslogs For Linux logs, we'll need to query the Syslog table. The Linux system logs (syslog data) are collected into the Syslog table when you use the Log Analytics agent on Linux VMs. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog

Correct answer - Windows : Event. Linux : Syslog

1. Event 2. Syslog https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events#log-queries-with-windows-events https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog Syslog is an event logging protocol that's common to Linux. Applications send messages that might be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the messages to Azure Monitor where a corresponding record is created.

Event and syslog

correct Windows : Event. Linux : Syslog Thanks all you have mentioned the exam dates

answer is correct

Event for MS events and Syslog for linux ones

Event and Syslog are a go. - In operating system level logging, rather than interactions with other services logging.

The given Answer is correct.

Correct - Windows : Event. Linux : Syslog

I think the correct answer is Azure Activity and Syslog. If you see in the first link it says: "You can't configure collection of security events from the workspace." If you check the link for Azure Activity the security is in the category. Link: https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/azureactivity

Indeed, correct!