Forum Discussion
MDE Onboard syslog/cef collectors. Possible?
Hi, Can you onboard syslog/cef collectors running either the legacy agent or the new AMA to MDE without affecting the log collector capability? Regards, Tim
If you collect CEF log then why you bother syslog ?? The advantage of CEF over Syslog is that it ensures the data is normalized making it more immediately useful for analysis using Sentinel. However, unlike many other SIEM products, Sentinel allows ingesting unparsed Syslog events and performing analytics on them using query time parsing.
The number of systems supporting Syslog or CEF is in the hundreds, please make sure to check out the Azure Sentinel grand list for a comprehensive list of sources supporting CEF.
The number of systems supporting Syslog or CEF is in the hundreds, please make sure to check out the Azure Sentinel grand list for a comprehensive list of sources supporting CEF.
- Agreed
- Sorry I meant can you onboard log collectors to MDE without any adverse effect to the collector function?
- If you want to onboard log collectors into MDE make sure you use supported OS version of MDE
