Nov 03 2019 08:01 PM
Hi,
If we want to ingest a Windows event log that isn't Security, do we need to use some combination of WEF -> PowerShell -> Syslog -> Sentinel?
If we want to tail some myapp.log file, can the agent help us or is it a case of writing our own code and - again - crafting syslog messages out of each log entry to send it on to Sentinel?
Nov 04 2019 01:04 AM
Hi @ford8k
Azure Sentinel is built using Azure Log Analytics, and that has a Windows Event Log connector (it shows up in Log Analytics, not in the Sentinel connector list). So you can use that to connect your event logs: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
It also has a custom log feature for importing Linux or Windows ASCII files: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
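Two KQL queries, added here as an example and not part of the reply above, showing where data from the two data sources described ends up in the workspace: Windows channels land in the built-in Event table, custom text logs in a *_CL table. The channel name and the table name myapp_CL are assumptions based on the original question; substitute the ones you configured.

```kql
// Added example. Confirm the agent is forwarding a non-Security Windows channel:
// each configured channel appears in the Event table under its EventLog name.
// The channel name below is an assumption; use the one you enabled in Log Analytics.
Event
| where TimeGenerated > ago(24h)
| where EventLog == "Microsoft-Windows-Sysmon/Operational"
| summarize Events = count(), LastSeen = max(TimeGenerated) by Computer, EventID
| order by Events desc

// Custom text logs are stored in a table named <custom log name>_CL, with each
// line in RawData. "myapp_CL" is assumed from the poster's myapp.log; the
// severity pattern is a constructed example of what such a line might contain.
myapp_CL
| where TimeGenerated > ago(24h)
| extend Level = extract(@"\b(ERROR|WARN|INFO)\b", 1, RawData)
| where Level == "ERROR"
| project TimeGenerated, Computer, RawData
```

If the first query returns nothing for a computer that has the agent installed, check that the channel is listed under the workspace's Windows event log data source, since only channels added there are collected.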
Nov 13 2019 01:37 PM
Go to this site; this is a method to digest your custom logs:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
Sep 10 2021 02:42 AM
Hi all,
I am facing the same issue. I need to collect custom logs that are written by an application as Windows Events. The links that you put up are only about file-based custom logs.
Does anyone have an input on how to do this?