May 26 2020
05:56 AM
- last edited on
Dec 23 2021
10:17 AM
by
TechCommunityAP
Hi All,
I have configured and installed the Linux agent to receive syslog from an appliance that sends log audit, which is facility 13.
The configuration file etc/rsyslog.d$ cat 95-omsagent.conf doesn't include that facility. Where do I need to add it? Any hint or help is much appreciated.
Thanks
May 26 2020 07:18 AM
Hi @Ousi12
You can write logs to a particular log file by defining it in the rsyslog.conf file, and then you can define the path in the Custom logs option under Sentinel advanced settings
Azure Sentinel workspaces --> Azure Sentinel | Settings --> Sentinel -->Advanced settings
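
A sketch of the rsyslog side of the approach described in the reply above, added here as an example and not taken from either poster. The drop-in file name and the log path are hypothetical, and it assumes rsyslog already has an input listening for the appliance's messages.

```conf
# /etc/rsyslog.d/10-appliance-audit.conf   (hypothetical file name)
#
# Facility 13 is "log audit" in RFC 5424. Matching on the numeric
# facility avoids depending on a facility keyword in a selector line.
#
# /var/log/appliance-audit.log is a hypothetical path. The same path is
# what gets entered under Custom logs, and the agent's account must be
# able to read the file.
if $syslogfacility == 13 then {
    action(type="omfile" file="/var/log/appliance-audit.log")
    # Keep these messages out of the rules in later files.
    stop
}
```

Running `rsyslogd -N1` validates the configuration before the service is restarted.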