{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "dcrName": { "type": "string", "minLength": 1, "metadata": { "description": "Data Collection Rule name" } }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]", "metadata": { "description": "Data Collection Rule Location" } }, "workspaceResourceId": { "type": "string", "minLength": 1, "metadata": { "description": "LogAnalytics Workspace Resource ID" } } }, "resources": [ { "type": "Microsoft.Insights/dataCollectionRules", "apiVersion": "2019-11-01-preview", "name": "[parameters('dcrName')]", "location": "[parameters('location')]", "kind": "Linux", "properties": { "dataSources": { "syslog": [ { "streams": [ "Microsoft-CommonSecurityLog" ], "facilityNames": [ "auth", "authpriv", "cron", "daemon", "mark", "kern", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7", "lpr", "mail", "news", "syslog", "user", "UUCP" ], "logLevels": [ "Debug", "Info", "Notice", "Warning", "Error", "Critical", "Alert", "Emergency" ], "name": "sysLogsDataSource" } ] }, "destinations": { "logAnalytics": [ { "workspaceResourceId": "[parameters('workspaceResourceId')]", "name": "la-data-destination" } ] }, "dataFlows": [ { "streams": [ "Microsoft-CommonSecurityLog" ], "destinations": [ "la-data-destination" ] } ] } } ] }