Forum Discussion
simonepatonico
Nov 03, 2020 - Brass Contributor
Ingestion of Custom Logs of Files (Never Updated) in Azure Sentinel
Hi all, I need to send the custom logs of a CSV file to Azure Sentinel. New files are written daily on a collector device from several applications running on other devices. I was able to transfer th...
GaryBushey
Nov 04, 2020 - Bronze Contributor
simonepatonico The OMS agent will not upload the data because, as far as it is concerned, the file has never changed.
I am guessing there is no way to tell the program that sends the data to write to a different file each time. I would think you would need to write a bash script to detect when the last modified file date for the file has changed and rename it using the date naming format discussed earlier so that the agent detects it as a new file. Not sure how often the file gets written to so it may be tricky making sure you do not lock the file when it needs to be written to.
makniy
Apr 23, 2021 - Copper Contributor
Hi All,
How was this resolved?
I have the same issue. I am trying to ingest a log file from Sybase. It's just one file that doesn't change, but the log is written to the file every minute. The XXX.log is in a per-line format and it meets all the other requirements. I created the sybase_CL and it's not working. Is there a workaround?
- makniy (Apr 26, 2021 - Copper Contributor): Thanks, simonepatonico.
  Would you be able to share your script, either as a template or without sensitive details?
  Also, I am now thinking that my log doesn't get a new file but a new update every 2 - 4 mins. So it retains every update in the same log file (PX1.log or QX1.BS.log).
- simonepatonico (Apr 26, 2021 - Brass Contributor): Hello makniy,
  I solved the problem by making a bash script (cron job) that creates an empty file in the path checked by the OMS agent when a new file is received from the application. After waiting for 2 minutes (to be sure the OMS agent found the empty file), it copies the content of the received file into the empty file. This way, it works because the file monitored by the OMS agent changes.
- makniy (Apr 26, 2021 - Copper Contributor): @GaryBushey simonepatonico How were you guys able to resolve this?
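The workaround from simonepatonico's reply (empty file first, wait, then copy the content in), written out as an added example; it is not the script from the thread. The directory names are assumptions, source files are assumed to arrive complete, and it goes slightly beyond the reply by waiting once per batch and keeping markers so a file is never staged twice.

```shell
#!/bin/sh
# Added example: stage write-once files so a tailing agent sees them change.
# Directory names are assumptions; point WATCH_DIR at the custom-log path.
INCOMING_DIR="${INCOMING_DIR:-/data/incoming}"  # where the applications drop files
WATCH_DIR="${WATCH_DIR:-/var/log/custom_csv}"   # path the OMS agent monitors
STATE_DIR="${STATE_DIR:-/var/lib/csv-stage}"    # markers: <name>.pending / <name>.done
WAIT_SECONDS="${WAIT_SECONDS:-120}"             # the 2-minute wait from the reply

# stage_all: prints how many files were handed to the agent in this run.
stage_all() {
    mkdir -p "$WATCH_DIR" "$STATE_DIR" || return 2
    staged=0
    # Pass 1: create an empty file in the monitored path for each new arrival.
    for src in "$INCOMING_DIR"/*; do
        [ -f "$src" ] || continue
        name=$(basename "$src")
        [ -e "$STATE_DIR/$name.done" ] && continue
        : > "$WATCH_DIR/$name" || return 2
        : > "$STATE_DIR/$name.pending"
    done
    # Nothing new: skip the wait entirely.
    set -- "$STATE_DIR"/*.pending
    [ -e "$1" ] || { echo 0; return 0; }
    # Pass 2: one wait for the whole batch, then append the real content.
    sleep "$WAIT_SECONDS"
    for marker in "$STATE_DIR"/*.pending; do
        name=$(basename "$marker" .pending)
        # cat only reads the source, so the writing application is never locked out.
        if cat -- "$INCOMING_DIR/$name" >> "$WATCH_DIR/$name"; then
            mv -- "$marker" "$STATE_DIR/$name.done"
            staged=$((staged + 1))
        fi
    done
    echo "$staged"
}

# Cron entry point (example schedule: */5 * * * * /usr/local/bin/csv-stage.sh --run)
if [ "${1:-}" = "--run" ]; then
    stage_all
fi
```

Keep the cron interval longer than `WAIT_SECONDS` so two runs never overlap on the same pending files.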