Forum Discussion

Copper Contributor

Jan 05, 2023

Using Basic Logs for forwarded syslog events?

Hello, I have set up a Linux log forwarder to send syslog events from various network devices to Sentinel. I can see these currently are sent to the CommonSecurityLog table in the Log analyti...

Log Data

SIEM

-jmn-
Jan 10, 2023
I would recommend the AMA, the OMS becomes end-of-life on August 31st 2024.

Clive_Watson

Bronze Contributor

Did you use the AMA, in which case you need to swicth the DCR rue to send the data to a Custom Table rather than CommonSecurityLog?

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log?tabs=portal

Basic Logs only supports a few named Tables (not CommonSecurityLog) https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure?tabs=portal-1#when-should-i-use-basic-logs

Antony Paul

Copper Contributor

Jan 05, 2023

No it is not using the AMA, it is using the Log Analytics/OMS agent as that is deployed via the scripts in the MS guide here: https://learn.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog

I'll certainly look into replacing this with the AMA if it helps me achieve what I want here.

-jmn-
Copper Contributor
Jan 10, 2023
I would recommend the AMA, the OMS becomes end-of-life on August 31st 2024.