Forum Discussion
PeterJ_Inobits
Jul 02, 2019 (Iron Contributor)
Ingesting Windows Radius Server logs into Azure Sentinel
Does anyone have any experience / knowledge in getting Windows Server 2012 R2 Radius Server logs, being written in ODBC format as text files, into Azure Sentinel? The online info seems to be almost non-existent (
3 Replies
- JamesMarinacci (Copper Contributor)
PeterJ_Inobits and @Anyone else finding this... query SecurityEvent in LA where EventID == 6272 (Success) or EventID == 6273 (Fail)
- CliveWatson (Former Employee)
Sorry I'm not clear on "Anyone else finding this"? Generally you can query for multiple Event IDs, here are two methods:
SecurityEvent
| where EventID == 8008 or EventID == 8005
| summarize count() by EventID

SecurityEvent
| where EventID in (8008, 8005)
| summarize count() by EventID
- CliveWatson (Former Employee)
From memory, Radius logs write to a file you name. You can then use Log Analytics to import the file as a custom log - I haven't tried it though?
If they can be written to an EventLog, then you can just add that log again via Log Analytics.
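
Added example (not posted by anyone in this thread): once the ODBC-format text file is collected as a custom log, each line lands as a single string and has to be split in KQL before it is useful for detection. The table name `NPSRadius_CL`, the `RawData` column, the reject threshold of 3, and the leading field order (ComputerName, ServiceName, Record-Date, Record-Time, Packet-Type, User-Name) are assumptions to check against your own workspace and log files; the sample rows are constructed.

```kql
// Constructed sample rows standing in for the custom log table (hypothetical name).
// Only the first six ODBC-format fields are included; real records carry many more.
let NPSRadius_CL = datatable(TimeGenerated: datetime, RawData: string) [
    datetime(2019-07-02 10:15:01), @'"NPS01","IAS",07/02/2019,10:15:01,1,"CONTOSO\alice"',
    datetime(2019-07-02 10:15:01), @'"NPS01","IAS",07/02/2019,10:15:01,2,"CONTOSO\alice"',
    datetime(2019-07-02 10:16:10), @'"NPS01","IAS",07/02/2019,10:16:10,1,"CONTOSO\bob"',
    datetime(2019-07-02 10:16:10), @'"NPS01","IAS",07/02/2019,10:16:10,3,"CONTOSO\bob"',
    datetime(2019-07-02 10:16:40), @'"NPS01","IAS",07/02/2019,10:16:40,3,"CONTOSO\bob"',
    datetime(2019-07-02 10:17:05), @'"NPS01","IAS",07/02/2019,10:17:05,3,"CONTOSO\bob"',
    datetime(2019-07-02 10:18:00), @'"NPS01","IAS"'   // truncated line, should be skipped
];
let RejectThreshold = 3;   // assumed value, tune for your environment
NPSRadius_CL
| extend f = parse_csv(RawData)            // handles the quoted string fields
| where array_length(f) >= 6               // drop truncated or malformed lines
| extend NpsServer  = tostring(f[0]),
         PacketType = toint(tostring(f[4])),
         UserName   = tolower(tostring(f[5]))
// RADIUS packet type codes: 1 request, 2 accept, 3 reject, 4 accounting, 11 challenge
| extend Result = case(PacketType == 1,  "Access-Request",
                       PacketType == 2,  "Access-Accept",
                       PacketType == 3,  "Access-Reject",
                       PacketType == 4,  "Accounting-Request",
                       PacketType == 11, "Access-Challenge",
                                         "Other")
| summarize Accepts = countif(Result == "Access-Accept"),
            Rejects = countif(Result == "Access-Reject")
          by NpsServer, UserName, bin(TimeGenerated, 1h)
| where Rejects >= RejectThreshold         // users with repeated rejected authentications
```

To run it against real data, delete the `let NPSRadius_CL = datatable(...)` statement so the query reads from the workspace table instead.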