smhasn
Copper Contributor
Oct 25, 2023
Solved

Syslog Connector | Source | Host | Logs

Hello,

I have a Syslog connector which is working perfectly. I have a source (a host) which is configured to send syslog messages to the server/VM that has the Syslog connector configured. I can observe the traffic from the source in tcpdump on the Syslog server, but the same is not available in the Sentinel logs.

Appreciate your help.

I have attached the screenshots for better understanding.

Regards,

Mazhar

2 Replies

  • Clive_Watson
    Bronze Contributor
    Have you checked in the SyslogMessage column for the data you're looking for?

    Syslog
    | where SyslogMessage has " < your TCP data >"

    If you find it, you'll have to parse or extract the data
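    Added example (not from the original thread): a KQL pair that first confirms the Syslog table is receiving anything at all from the source host, then extracts fields from SyslogMessage. The host name "fw-edge-01" and the key=value message layout are constructed assumptions; replace them with your own source and format.

```kql
// Added example; not code from the original thread.
// Assumed (constructed) source host name and message format:
//   HostName: fw-edge-01
//   SyslogMessage: "action=deny src=10.0.0.5 dst=10.0.0.9 dpt=443"

// 1. Is anything from the source reaching the workspace? Match on the
//    HostName column, and fall back to the raw message in case the host
//    field was populated differently by the forwarder.
Syslog
| where TimeGenerated > ago(1h)
| where HostName =~ "fw-edge-01" or SyslogMessage has "fw-edge-01"
| summarize Events = count(), LastSeen = max(TimeGenerated)
    by HostName, Facility, SeverityLevel, ProcessName
| order by LastSeen desc

// 2. Once the rows are there, pull the fields out of SyslogMessage.
//    parse is the cheap option for a fixed key order; extract() with a
//    regex is used for the port so rows with a missing key are not dropped.
Syslog
| where TimeGenerated > ago(1h)
| where HostName =~ "fw-edge-01"
| where SyslogMessage has "action="
| parse SyslogMessage with * "action=" Action " src=" SrcIp " dst=" DstIp " " *
| extend DstPort = toint(extract(@"dpt=(\d+)", 1, SyslogMessage))
| where isnotempty(SrcIp)
| summarize Denies = countif(Action == "deny"), Total = count()
    by SrcIp, DstIp, DstPort
| top 20 by Denies desc
```

    If the first query returns nothing while tcpdump shows traffic, check that the source's facility and severity are among those the Syslog connector is configured to collect, since the agent drops facilities that are not selected.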
    • smhasn
      Copper Contributor
      Thanks for the query - the logs have been received; it is more likely the device is erroring out. Have asked the team to check for the root cause as the delivery of syslog is fine.

      Thanks a ton!!!