Hi All ,
I have configured and install Linux agent to receive syslog from an appliance that send log audit which is facility 13.
the configuration file etc/rsyslog.d$ cat 95-omsagent.conf doesnt include that facility , where do I need to add it ? any hint or help is much appreciated
You can write logs to a particular log file by defining in rsyslog.conf file and than you can define the path on Custom logs option under Sentinel advanced setting
Azure Sentinel workspaces --> Azure Sentinel | Settings --> Sentinel -->Advanced settings