Forum Discussion
skarol1337
Mar 06, 2022, Copper Contributor
Parse CEF logging and a map field within message
Hi all, I have successfully configured the oms-agent and the Microsoft CEF python log forward script on a Ubuntu 20.04 x64 VM to forward Fortinet Analyzer logging to Sentinel. I receive the CEF l...
Clive_Watson
Mar 07, 2022, Bronze Contributor
You may be able to parse this from the AdditionalExtensions column in your query; see these examples:
https://github.com/Azure/Azure-Sentinel/search?q=AdditionalExtensions+extract
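As an added illustration of the query-side approach Clive points to (this is not code from the thread, the Sentinel repo, or the Microsoft CEF forwarder), the script below does in Python what a KQL `extract()` over AdditionalExtensions does: it splits the column into a key/value map, pulls out `ad.srccountry`, and shows what the record would look like if that value were promoted into the standard CEF custom-string slot `cs1` with its `cs1Label`. It assumes AdditionalExtensions holds `key=value` pairs separated by `;` with CEF-style backslash escapes inside values; the FortiGate-looking sample line is constructed, not captured.

```python
import re
from typing import Dict

# Constructed sample of what CommonSecurityLog.AdditionalExtensions typically
# holds for a Fortinet CEF event (assumed format: 'key=value' pairs separated
# by ';', with '\;' '\=' '\\' escapes inside values, as CEF specifies).
SAMPLE_ADDITIONAL_EXTENSIONS = (
    "ad.srccountry=Netherlands;ad.dstcountry=Reserved;"
    "ad.devid=FGT-CONSTRUCTED;ad.msg=Accept\\; policy 7;ad.eventtime=1646556000"
)

# Split only on ';' that is not preceded by a backslash, then undo the escapes.
_UNESCAPED_SEMICOLON = re.compile(r"(?<!\\);")
_UNESCAPE = re.compile(r"\\([\\;=])")


def parse_additional_extensions(ext: str) -> Dict[str, str]:
    """Turn 'k1=v1;k2=v2' into a dict, honouring escaped ';' and '='.

    The first '=' in each fragment separates key from value, so a value may
    itself contain '\\=' without confusing the split. Malformed fragments
    (no '=' at all) are skipped rather than raising, because a parser in a
    detection pipeline should degrade gracefully on odd vendor output.
    """
    result: Dict[str, str] = {}
    for fragment in _UNESCAPED_SEMICOLON.split(ext or ""):
        if not fragment:
            continue
        key, sep, value = fragment.partition("=")
        if not sep:
            continue
        result[key.strip()] = _UNESCAPE.sub(r"\1", value)
    return result


def promote_to_custom_string(
    record: Dict[str, str], source_key: str, slot: int = 1
) -> Dict[str, str]:
    """Copy one AdditionalExtensions value into csN / csNLabel.

    This mirrors, on a parsed record, what the original poster wants to do at
    the forwarder: make 'ad.srccountry' queryable as a first-class CEF field
    (cs1) instead of a substring of AdditionalExtensions. The input record is
    not mutated; a new dict is returned.
    """
    extensions = parse_additional_extensions(record.get("AdditionalExtensions", ""))
    promoted = dict(record)
    if source_key in extensions:
        promoted[f"cs{slot}"] = extensions[source_key]
        promoted[f"cs{slot}Label"] = source_key
    return promoted


if __name__ == "__main__":
    # Hypothetical CommonSecurityLog-shaped record built from the sample above.
    sample_record = {
        "DeviceVendor": "Fortinet",
        "DeviceProduct": "Fortigate",
        "AdditionalExtensions": SAMPLE_ADDITIONAL_EXTENSIONS,
    }
    parsed = parse_additional_extensions(SAMPLE_ADDITIONAL_EXTENSIONS)
    print("srccountry:", parsed.get("ad.srccountry"))
    print("msg (unescaped):", parsed.get("ad.msg"))
    print("promoted:", promote_to_custom_string(sample_record, "ad.srccountry"))
```

The `promote_to_custom_string` step is the part that would otherwise live in the forwarder; doing it in the query keeps the raw log untouched, which is the safer choice for forensic fidelity, at the cost of parsing on every query run.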
- skarol1337, Mar 07, 2022, Copper Contributor
Thank you Clive_Watson, but ideally I want to place the ad.srccountry variable in the cs1.
Configuring this at the syslog forwarder server side is much cleaner and easier to work with. Would you happen to know how to do this?
- Clive_Watson, Mar 07, 2022, Bronze Contributor
skarol1337 Sorry, I don't, hence my alternative method; hopefully someone else will know.