Forum Discussion
Sentinel Data collection rule initial setup
I am trying to setup a Data collection rule (common event format (CEF) via AMA) for getting our firewall logs into sentinel via a syslog server, but I am not sure what facility(ies) to use, is there ...
As per my understanding, I enabled LOG_LOCAL0 to LOG_LOCAL7 to ingest firewall logs into sentinel.
Sidra_Raza thank you!!