Forum Discussion
Connector for on-premises windows to azure sentinel
Azure Sentinel has CEF and Syslog Data connectors, Sentinel uses Log Analytics which has both an agent for Linux (Syslog v1) and Windows. Go to the "workspace settings" menu in Sentinel, then "advanced settings" and add the agent for Windows.
https://docs.microsoft.com/en-us/services-hub/health/mma-setup
Azure Sentinel has CEF and Syslog Data connectors, Sentinel uses Log Analytics which has both an agent for Linux (Syslog v1) and Windows. Go to the "workspace settings" menu in Sentinel, then "advanced settings" and add the agent for Windows.
https://docs.microsoft.com/en-us/services-hub/health/mma-setup
I have installed the MMA on my host and I can see the connection is Up and Successful. But I don't observe any log anayltics on my Sentinel Workspace.
Are there any additional configurations to be set up?
(Attached is the screenshot from MMA)
Is this Windows or Linux? Troubleshooting steps for both are here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-manage#next-steps
How long have you waited, some times depending on data type it can take a while? Are you using a OMS Gateway or direct connected to Log Analytics to the agent?
It is on a Windows Host, I installed the MMA (64-bit) as Add Connector for my Sentinel Workspace and it is been more than 12 hours of my configuration. But I can only receive HeartBeat events from this connector.
