Forwarder_AMA_installer.py Replaces /etc/rsyslog.conf with syslog_ng Configuration

[alexfilbert]

Describe the bug
Running the Azure/Azure-Sentinel/blob/master/DataConnectors/Syslog/Forwarder_AMA_installer.py script causes the /etc/rsyslog.conf file to be replaced with the syslog_ng configuration.

To Reproduce
Run the script on a linux system configured to run the rsyslog daemon.

Expected behavior
The Forwarder_AMA_installer.py script should add the necessary entries to the /etc/rsyslog.conf file.

Desktop (please complete the following information):

• OS: Debian 12
• rsyslog version 8.2302.0-1

Additional context
Replacing the reference to "rsyslog_conf_path" on line 269 with "syslog_ng_conf_path" appears to fix the issue.

[v-mabrindha]

@alexfilbert, Thanks for reporting this issue, we are checking on it with team and get back to you with some update. Thanks!

[v-mabrindha]

@alexfilbert ,
Thank you for the suggestion. We have updated the code accordingly.
Could you please run the below script in a Linux environment?

Script :
sudo wget -O Forwarder_AMA_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/9ae6b862a697242ee4b4fb6a9ceb75eefe1b8004/DataConnectors/Syslog/Forwarder_AMA_installer.py python Forwarder_AMA_installer.py

Let us know if this resolves your issue.

Thanks.

[alexfilbert]

This appears to have resolved the issue.

Thank you.