ford8k
Nov 03, 2019, Copper Contributor
Ingesting custom logs sources and non-Security event logs
Hi, If we want to ingest a Windows event log that isn't Security, do we need to use some combination of WEF -> PowerShell -> Syslog -> Sentinel? If we want to tail some myapp.log file, can th...
CliveWatson
Nov 04, 2019, Former Employee
Hi ford8k
Azure Sentinel is built using Azure Log Analytics, and that has a Windows Event Log connector (it shows up in Log Analytics, not in the Sentinel connector list). So you can use that to connect your EventLogs: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
It also has a custom log feature for importing Linux or Windows ASCII files: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs