Forum Discussion
ford8k
Nov 04, 2019
Copper Contributor
Ingesting custom logs sources and non-Security event logs
Hi,
If we want to ingest a Windows event log that isn't Security, do we need to use some combination of WEF -> PowerShell -> Syslog -> Sentinel?
If we want to tail some myapp.log file, can the agent help us or is it a case of writing our own code and - again - crafting syslog messages out of each log entry to send it on to Sentinel?
- Roger_Fleming
Microsoft
Go to this site; this is a method to digest your custom logs:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
- RenatoCampusGiraldo
Copper Contributor
Hi all,
I am facing the same issue, I need to collect custom logs that are written by an application as Windows Events. The link that you put up is only about file-based custom logs.
Does anyone have an input on how to do this?
- CliveWatson
Microsoft
Hi ford8k
Azure Sentinel is built using Azure Log Analytics, and that has a Windows Event Log connector (it shows up in Log Analytics not in the Sentinel connector list). So you can use that to connect your EventLogs. https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
It also has a custom log feature for importing Linux or Windows ASCII files: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
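As an added illustration of the two data sources Clive describes (not part of the thread or of Microsoft's documentation), the KQL below first checks that non-Security Windows event logs are actually arriving in the Log Analytics `Event` table, then parses lines from a custom log table. The custom table name `myapp_CL` and the `timestamp level message` line layout are assumptions; custom log tables always carry the `_CL` suffix and expose each collected line in `RawData`.

```kusto
// Which non-Security Windows event logs has each host sent in the last hour?
// Useful for confirming the Windows Event Log data source is configured
// for the channels you expect (Application, System, custom app channels).
Event
| where TimeGenerated > ago(1h)
| where EventLog != "Security"
| summarize Events = count(), LastSeen = max(TimeGenerated)
    by Computer, EventLog, Source
| order by LastSeen desc

// Lines collected from myapp.log via the custom logs data source.
// Assumed table name: myapp_CL. Assumed line format: "<timestamp> <LEVEL> <message>".
myapp_CL
| where TimeGenerated > ago(1h)
| parse RawData with AppTimestamp " " Level " " Message
| where Level in ("ERROR", "WARN")
| project TimeGenerated, Computer, AppTimestamp, Level, Message
| order by TimeGenerated desc
```

If `parse` leaves `Level` empty for your file, the line layout differs from the assumed one; adjust the pattern to match a real sample line before building alerts on it.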