Forum Discussion
vincenthoag
Nov 15, 2023 Copper Contributor
Ingest CEF logs in CommonSecurityLog with Logstash
Hello, we are migrating to Sentinel from Splunk. For the log ingestion we are using Native Data Connectors where we can and Logstash with the microsoft-sentinel-log-analytics-logstash-output-plugin f...
BillClarksonAntill
Dec 04, 2023 Iron Contributor
Hey vincenthoag
Have you tried to rename the streams to "commonsecuritylog" by chance?
"dataFlows": [
  {
    "streams": [
      "Custom-SyslogStream"
    ],
    "destinations": [
      "clv2ws1"
vincenthoag
Dec 08, 2023 Copper Contributor
Thank you for your answer. I am working on a different configuration. I am using Logstash to collect the logs and play a buffer role, then send encrypted logs to a VMSS with AMA in Azure that will parse the logs and send them to Sentinel.
I am still working on the Terraform file, I'll post it when my config is working.
Thank you for your help.