cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Facility number 13 (log audit)

%3CLINGO-SUB%20id%3D%22lingo-sub-1417693%22%20slang%3D%22en-US%22%3EFacility%20number%2013%20(log%20audit)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1417693%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%20%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20configured%20and%20install%20Linux%20agent%20to%20receive%20syslog%20from%20an%20appliance%20that%20send%20log%20audit%20which%20is%20facility%2013.%3C%2FP%3E%3CP%3Ethe%20configuration%20file%26nbsp%3Betc%2Frsyslog.d%24%20cat%2095-omsagent.conf%20doesnt%20include%20that%20facility%20%2C%20where%20do%20I%20need%20to%20add%20it%20%3F%20any%20hint%20or%20help%20is%20much%20appreciated%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1417693%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Sentinel%20Connector%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Sentinel%20linux%20connector%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Ousi12
Occasional Visitor

‎05-26-2020 05:56 AM

‎05-26-2020 05:56 AM

Facility number 13 (log audit)

Hi All , 

 

I have configured and install Linux agent to receive syslog from an appliance that send log audit which is facility 13.

the configuration file etc/rsyslog.d$ cat 95-omsagent.conf doesnt include that facility , where do I need to add it ? any hint or help is much appreciated 

 

Thanks 

 

175 Views
0 Likes
1 Reply
Reply
1 Reply
Dev_Choudhary

‎05-26-2020 07:18 AM

‎05-26-2020 07:18 AM

Re: Facility number 13 (log audit)

Hi @Ousi12 

 

You can write logs to a particular log file by defining in rsyslog.conf file and than you can define the path on Custom logs option under Sentinel advanced setting

Azure Sentinel workspaces --> Azure Sentinel | Settings --> Sentinel -->Advanced settings

0 Likes
Reply