cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can we use exported Syslog data to connect with sentinel?

%3CLINGO-SUB%20id%3D%22lingo-sub-846491%22%20slang%3D%22en-US%22%3ECan%20we%20use%20exported%20Syslog%20data%20to%20connect%20with%20sentinel%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846491%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20we%20use%20exported%20Syslog%20data%20to%20connect%20with%20sentinel%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20portion%20of%20my%20syslog%20data%2C%20which%20i%20want%20to%20integrate%20with%20Sentinel.%20As%20i%20don't%20want%20to%20install%20sentinel%20agent%20directly%20on%20my%20production%20syslog%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20Syslog%20agent%20can%20read%20the%20data%20from%20exported%20file%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-846491%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESentinel%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esyslog%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-847085%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20we%20use%20exported%20Syslog%20data%20to%20connect%20with%20sentinel%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-847085%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F379614%22%20target%3D%22_blank%22%3E%40dileepjk%3C%2FA%3E%26nbsp%3Byou%20have%20to%20install%20the%20agent%20OR%20write%20something%20to%20upload%20the%20file%20to%20the%20log%20analytics%20API.%26nbsp%3B%20if%20you%20write%20something%20it%20will%20end%20up%20in%20a%20custom%20log%20vs%20CommonSecurityLog%3C%2FP%3E%3C%2FLINGO-BODY%3E
dileepjk
Occasional Visitor

‎Sep 10 2019 05:33 AM

‎Sep 10 2019 05:33 AM

Can we use exported Syslog data to connect with sentinel?

Can we use exported Syslog data to connect with sentinel?

 

I have portion of my syslog data, which i want to integrate with Sentinel. As i don't want to install sentinel agent directly on my production syslog server.

 

Can Syslog agent can read the data from exported file? 

Labels:
225 Views
0 Likes
1 Reply
Reply
1 Reply
Nicholas DiCola (SECURITY JEDI)

‎Sep 10 2019 09:27 AM

‎Sep 10 2019 09:27 AM

Re: Can we use exported Syslog data to connect with sentinel?

@dileepjk you have to install the agent OR write something to upload the file to the log analytics API.  if you write something it will end up in a custom log vs CommonSecurityLog

0 Likes
Reply