
Facility number 13 (log audit)


Hi All,

 

I have configured and installed the Linux agent to receive syslog from an appliance that sends log audit, which is facility 13.

The configuration file etc/rsyslog.d$ cat 95-omsagent.conf doesn't include that facility. Where do I need to add it? Any hint or help is much appreciated.

 

Thanks 

 

1 Reply

Hi @Ousi12 

 

You can write logs to a particular log file by defining it in the rsyslog.conf file, and then you can define the path in the Custom logs option under Sentinel advanced settings.

Azure Sentinel workspaces --> Azure Sentinel | Settings --> Sentinel --> Advanced settings
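
The file-based approach from the reply above, as an added example that is not part of the original thread: an rsyslog rule that matches facility 13 by number and writes it to its own file, which can then be given as the path for a custom log. The drop-in file name and the log path are assumptions, and the rule assumes rsyslog already has a network input loaded for the appliance's messages.

```conf
# /etc/rsyslog.d/96-facility13-audit.conf  (hypothetical drop-in file name)
#
# Facility 13 is "log audit" in the syslog facility table. Matching on the
# numeric property avoids depending on a facility keyword in selector syntax.
# The PRI value of these messages is 13*8 + severity, i.e. <104> through <111>.

if $syslogfacility == 13 then {
    # Assumed path; use the same path when defining the custom log.
    action(type="omfile" file="/var/log/appliance-audit.log")

    # Stop processing so these messages are not also handled by later rules.
    # Remove this line if they should continue through the remaining rules.
    stop
}

# Check the syntax before restarting the service:
#   rsyslogd -N1
```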