Forum Discussion
Rsyslog Linux Machine to Sentinel
Hi All, we implement two Linux machine, one for collect log and send it to Microsoft Sentinel and another machine that send log from syslog to this collector, all works fine log sent correctly to Sentinel, but from host to Sentinel view Only Hostname but not Host IP, we have modify rsyslog.conf to modify template and send IP but not hsotname, there is a way to send both Host ip and hostname ?
Many Thanks,
Regard,
Guido
- Hello Guido,
I believe the Host IP is obtained via DNS lookup. A log collector agent (either LAA/MMA or AMA) will try to resolve the hostname within the syslog event using its hosts DNS configuration (usually configured within /etc/resolv.conf. Make sure the required search domains have been configured, and the hostname matches a record within your DNS server.
Regards,
Arjan
- Hello Guido,
I believe the Host IP is obtained via DNS lookup. A log collector agent (either LAA/MMA or AMA) will try to resolve the hostname within the syslog event using its hosts DNS configuration (usually configured within /etc/resolv.conf. Make sure the required search domains have been configured, and the hostname matches a record within your DNS server.
Regards,
Arjan