Collect logs from Unix/Linux machines
This is now done.
The first iteration to support Linux in Azure was for Azure VMs – read more here http://blogs.technet.com/b/momteam/archive/2015/07/09/you-can-now-ingest-syslog-data-into-oms-from-azure-vms.aspx
We’ve also recently announced the Linux agent for all VMs:
We are working on this, and it will most likely light up incrementally in multiple iterations (for Azure vs ‘standalone’ or ‘SCOM’ attach mode) and not as a single item...
The first iteration (which should be available at some point this summer) covers Linux machines running in Azure only. There is a quick peek of this in the Ignite session http://channel9.msdn.com/Events/Ignite/2015/BRK3500
Vijayaraghavan L commented
Any ETA when this may be made available?
Try to use Logstash from the ELK framework
Yes, both users and vendors will be able to contribute their data to some extent. We see this as being easier ingesting from Azure Storage (since we already have roles that do that), while standing up a syslog listener (and securing it!!!) is probably going to be harder/more expensive.
But yes we want both users and vendors to bring their own data eventually. Vendors would provide logic to *produce* completely new rich data types their solutions require,
while for users we think we should allow users to define their own models similar to defining patterns (maybe graphically) for 'field extraction' - this second thing is 'loosely' tracked by the idea about regular expressions here (mostly the comments there) http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-support-regular-expressions-regex-in-the-search
It's in our vision, but there's still some fundamental work that we need to do first before we can tackle this.
Glen Eustace commented
I really like the idea of having a syslog listener in the cloud, as this opens up Advisor to many more different data sources. Lots of products are able to send their log entries using the syslog protocol. BUT the next part of the equation is being able to deconstruct the payload of the log record, and that is going to involve Intelligence Packs. There will be a bunch of std/common ones, but vendors will need to be able to contribute their formats as well, and then there are the custom applications that all of us are likely to be using.
Yes, anything that allows a single pane of glass for diverse infrastructure is a great competitive advantage.