Forum Discussion
Alistair Trigg
Feb 16, 2023 | Copper Contributor
Integrate on-premise windows syslog server with Sentinel
Hi
Our on-premise environment is totally Windows based, with no Linux systems or skills, and we want to integrate our Sentinel environment with our on-premise Windows syslog server (Kiwi). Is it possible to set up the log forwarders on a Windows box rather than a Linux one, as it would be the only Linux VM we would have?
Thanks
Alistair
- Clive_Watson | Bronze Contributor
You need to set up the WEC (see link) and deploy the AMA to that Windows Server: https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference#windows-forwarded-events-preview
Also, this walks you through the process: https://argonsys.com/microsoft-cloud/library/forward-on-premises-windows-security-event-logs-to-microsoft-sentinel/#:~:text=The%20Microsoft%20Sentinel%20connector%20%E2%80%9CWindows%20Forwarded%20Events%20%28Preview%29%E2%80%9D,GCP%20for%20example%29%20that%20were%20aggregated%20with%20WEF.
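As an added illustration (not Clive's code and not Microsoft's documentation), this is the collector-side part of the setup described above on the Windows Server that will also run the AMA: it enables the Windows Event Collector service and creates a source-initiated subscription that lands events in the ForwardedEvents channel, which is the log the Windows Forwarded Events connector reads. The subscription name, the event IDs selected and the SDDL are assumptions for the example; adjust them to your estate.

```powershell
# Added example: collector-side WEF setup on the Windows Server that will host the AMA.
# Assumptions (not from the thread): subscription name, the event IDs collected,
# and the Domain Computers SDDL. Run in an elevated PowerShell on the collector.

# 1. Configure the Windows Event Collector service: starts it, sets it to
#    delayed auto-start, and enables the ForwardedEvents channel. /q skips the prompt.
wecutil qc /q

# 2. Source-initiated subscription: forwarders push events to this collector over
#    WinRM (Kerberos-authenticated HTTP on 5985) into the ForwardedEvents log.
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Sentinel-Security-Events</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Security logon and account events for Microsoft Sentinel</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Security">
          <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688 or EventID=4720)]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL granting all domain computers (well-known SID DC) permission to forward. -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
'@
$xmlPath = Join-Path $env:TEMP 'sentinel-wef-subscription.xml'
Set-Content -Path $xmlPath -Value $subscription -Encoding UTF8

# 3. Create the subscription, then show its configuration and per-source
#    runtime status (sources appear once they start checking in).
wecutil cs $xmlPath
wecutil gs Sentinel-Security-Events
wecutil gr Sentinel-Security-Events

# 4. Confirm events are arriving before pointing the AMA data collection rule
#    at the ForwardedEvents channel.
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 |
  Select-Object TimeCreated, Id, MachineName, ProviderName
```

The forwarding sources still need WinRM enabled and the collector address delivered through the "Configure target Subscription Manager" group policy, which the linked walkthrough covers.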