Forum Discussion
joshzan
Feb 17, 2020 | Copper Contributor
Sending syslog from windows syslog server running kiwi
Hi,
We currently send our network logs (Fortinet) to a Windows syslog server running Kiwi Syslog. Rather than creating a new VM, I would like to use this server to forward the logs to Azure Sentinel. Is this possible?
It looks like the agent Azure provides only runs on Linux machines.
I believe Kiwi can forward logs to a SIEM, so can we forward the logs via Kiwi (without the agent) and then on Sentinel configure to ingest these logs?
Any help would be greatly appreciated.
Thanks,
Ofer_Shezaf (Microsoft)
joshzan : unfortunately not. The agent we provide translates from Syslog to the Sentinel API. It would not be secure to use Syslog over the Internet. The one workaround is to use Logstash, which runs on Windows and can listen to Syslog and send to Sentinel.
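For readers following the Logstash workaround in the reply above, here is an added example pipeline (not from the thread or from Microsoft) that listens for the Fortinet syslog Kiwi forwards on the internal network and ships it to Sentinel over HTTPS. It assumes the Microsoft output plugin `microsoft-logstash-output-azure-loganalytics` is installed, that Kiwi forwards to TCP/UDP 5514 on this host, and that the bind address, `WORKSPACE_ID` and `WORKSPACE_KEY` are placeholders you replace with your own values.

```logstash
# Added example, not from the original thread. Assumptions: Kiwi Syslog forwards
# the Fortinet messages to this Windows host on port 5514 over the internal
# network; the "microsoft-logstash-output-azure-loganalytics" plugin is
# installed; WORKSPACE_ID / WORKSPACE_KEY are placeholders for the Log Analytics
# workspace credentials (keep the real values out of version control).
input {
  syslog {
    host => "10.0.0.5"   # placeholder: bind to the internal interface only, never a public one
    port => 5514         # Kiwi's forward-to-host action points here instead of the Internet
    type => "fortinet"
  }
}

filter {
  if [type] == "fortinet" {
    # FortiGate log bodies are key=value pairs (srcip=... dstip=... action=...);
    # kv splits them into individual fields so Sentinel can query each column
    kv {
      source => "message"
      target => "fortinet"
      trim_value => "\""
    }
    # Keep the originating firewall hostname parsed from the syslog header and
    # drop header fields that add no value once the message is structured
    mutate {
      rename => { "logsource" => "syslog_host" }
      remove_field => [ "priority", "facility_label", "severity_label" ]
    }
  }
}

output {
  # Delivered over HTTPS to the Log Analytics Data Collector API, so no plain
  # syslog leaves the network (the concern raised in the reply)
  microsoft-logstash-output-azure-loganalytics {
    workspace_id => "WORKSPACE_ID"           # placeholder
    workspace_key => "WORKSPACE_KEY"         # placeholder
    custom_log_table_name => "FortinetKiwi"  # appears in Sentinel as FortinetKiwi_CL
  }
}
```

Once events arrive, verify the ingestion path by querying the `FortinetKiwi_CL` table in the workspace and confirming the `fortinet_*` columns are populated rather than only a raw `Message` field.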