Configure syslog from two different sources

Occasional Contributor

Hello,

I currently have CheckPoint Firewall logs coming to my Azure Linux server in CEF format and those are getting sent to Sentinel without issue. I am currently trying to get Cisco Meraki syslog to send to Azure Sentinel as well using the same server. Can I send both of these logs to port 514 on my Azure server running the OMS agent? If so, can someone help me get these logs flowing to Sentinel? If not, can someone please guide me on the configuration files I would need to update? Thanks.

1 Reply
Both logs can be sent on port 514. Did you go through the Azure Sentinel built-in connector for Cisco Meraki, which is still in preview, and its documentation?
Though this is for reporting, the link below should give some info on your port-related question.
https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Meraki_Device_Reporting_-_Syslog%2C_SNMP%2C_and_API
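As an added example (not part of the thread and not the OMS agent's own code), the sketch below shows how messages from two sources arriving on one shared port can be told apart by content: a CEF header versus plain syslog. The sample lines are constructed, and the function names, field names and the Meraki-style line layout are assumptions made for illustration.

```python
import re

# Syslog priority prefix, e.g. "<134>" (facility * 8 + severity)
PRI_RE = re.compile(r"^<(\d{1,3})>")
# CEF header fields are separated by pipes that are not backslash-escaped
UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")

def parse_pri(line):
    """Return (facility, severity) from the syslog PRI, or (None, None)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None, None
    return divmod(int(m.group(1)), 8)

def parse_cef_header(line):
    """Return the seven CEF header fields as a dict, or None if not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    # 7 header fields plus the extension make at most 8 parts
    parts = UNESCAPED_PIPE.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7 or not parts[0].isdigit():
        return None
    return {k: v.replace("\\|", "|").replace("\\\\", "\\")
            for k, v in zip(CEF_FIELDS, parts)}

def classify(line):
    """Tag one message received on the shared port as 'cef' or 'syslog'."""
    facility, severity = parse_pri(line)
    header = parse_cef_header(line)
    return {"stream": "cef" if header else "syslog",
            "facility": facility, "severity": severity, "cef": header}

# Constructed sample messages (not captured from real devices)
SAMPLES = [
    "<134>Jun 16 10:00:01 fw1 CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Accept|Unknown|src=10.0.0.5 dst=10.0.0.9",
    "<134>1 1623837601.123456789 MX_example flows src=10.0.0.7 dst=8.8.8.8 protocol=udp pattern: allow all",
    "<13>Jun 16 10:00:02 host app: user typed CEF: but no header follows",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = classify(s)
        print(r["stream"], r["facility"], r["severity"], r["cef"] and r["cef"]["vendor"])
```

The third sample shows why a bare substring match on "CEF:" is not enough: the header must also have its seven pipe-delimited fields before the message is treated as CEF.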