Forum Discussion
Antony Paul
Jan 05, 2023 Copper Contributor
Using Basic Logs for forwarded syslog events?
Hello, I have set up a Linux log forwarder to send syslog events from various network devices to Sentinel. I can see these currently are sent to the CommonSecurityLog table in the Log analyti...
Clive_Watson
Bronze Contributor
Did you use the AMA, in which case you need to switch the DCR rule to send the data to a Custom Table rather than CommonSecurityLog?
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log?tabs=portal
Basic Logs only supports a few named Tables (not CommonSecurityLog) https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure?tabs=portal-1#when-should-i-use-basic-logs
Antony Paul
Jan 05, 2023 Copper Contributor
No, it is not using the AMA; it is using the Log Analytics/OMS agent, as that is deployed via the scripts in the MS guide here: https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog
I'll certainly look into replacing this with the AMA if it helps me achieve what I want here.
-jmn-
Jan 10, 2023 Copper Contributor
I would recommend the AMA, the OMS becomes end-of-life on August 31st 2024.