Microsoft Defender for Identity logs to syslog server
I had configured MDI to send logs to my syslog server.
I gave its port number, nominated sensor, and all the necessary details, and used the test configuration to see if a test log reached my syslog server.
It did, but the problem is that no other logs from MDI are reaching my syslog server.
Could you provide information about the configurations to be done in order to start getting the logs?
2 Replies
Hi, have all the logs been activated?
https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-windows-event-collection
- Rahulm98 (Copper Contributor)
If these audit logs are activated,
will logs regarding actions taken by the Identity module start reaching syslog?
The question is from where we can fetch logs that are related to the actions taken by MDI.
Also, is collecting alerts from the Microsoft Security Graph API a better option, or is the above?