The purpose of the log aggregator is to provide a log entry point for on-premises and cloud environments in order to:
Simplify firewall configurations, e.g. all configurations on the firewall are directed to or from the aggregator rather than to multiple endpoints on multiple networks.
Allow environments to remain locked down, e.g. workstations and endpoints can remain locked down, with only agent or syslog traffic allowed to the log aggregator.
Process logs locally to prevent unnecessary consumption of resources such as Internet bandwidth, cloud processing and cloud storage.
The guides in this section cover on-premises and Azure hydra deployments.