09-24-2019 03:50 AM
In our on-premises environment, we set up a Windows machine with Kiwi Syslog to collect the logs from servers, switches, firewalls, …
How can I upload the logs from on-premises to Azure Sentinel?
I see that Azure Sentinel only supports installing the agent on Linux (the Syslog or CEF connectors).
Thank you very much for your help.
09-24-2019 09:26 AM Solution
Azure Sentinel has CEF and Syslog data connectors. Sentinel uses Log Analytics, which has an agent for both Linux (Syslog v1) and Windows. Go to the "workspace settings" menu in Sentinel, then "advanced settings" and add the agent for Windows.
10-01-2019 05:30 AM
I have installed the MMA on my host and I can see the connection is Up and Successful. But I don't observe any log analytics on my Sentinel Workspace.
Are there any additional configurations to be set up?
(Attached is the screenshot from MMA)
10-01-2019 07:16 AM
Is this Windows or Linux? Troubleshooting steps for both are here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-manage#next-steps
How long have you waited? Sometimes, depending on data type, it can take a while. Are you using an OMS Gateway, or is the agent directly connected to Log Analytics?
10-01-2019 07:43 AM
It is on a Windows host. I installed the MMA (64-bit) as Add Connector for my Sentinel Workspace and it has been more than 12 hours since my configuration. But I can only receive Heartbeat events from this connector.
10-03-2019 04:18 AM
I tried going through the link, but nothing helped.
Is there anything that I am missing?
10-03-2019 06:59 AM
If you have Heartbeat data then the MMA is working. What other data were you expecting?
Have you added other data to be collected in 'advanced settings' - Data? E.g. https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events