Nov 03 2019 08:01 PM
Hi,
If we want to ingest a Windows event log that isn't Security, do we need to use some combination of WEF -> PowerShell -> Syslog -> Sentinel?
If we want to tail some myapp.log file, can the agent help us or is it a case of writing our own code and - again - crafting syslog messages out of each log entry to send it on to Sentinel?
Nov 04 2019 01:04 AM
Hi @ford8k
Azure Sentinel is built using Azure Log Analytics, and that has a Windows Event Log connector (it shows up in Log Analytics, not in the Sentinel connector list). So you can use that to connect your Event Logs. https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
It also has a custom log feature for importing Linux or Windows ASCII files: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
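As an added illustration for the "write our own code" route mentioned in the question (this is example code, not part of the thread and not Microsoft's own sample): the script below parses a few constructed `myapp.log` lines into JSON records and builds the signed request that the Log Analytics HTTP Data Collector API expects, so that a custom table (here `MyAppLog_CL`) is populated without the agent. The workspace ID, shared key, log line format and `MyAppLog` table name are all constructed placeholders; the signing scheme (HMAC-SHA256 over the canonical string, `SharedKey` authorization header, `api-version=2016-04-01`) is the one documented for that API.

```python
import base64
import datetime
import hashlib
import hmac
import json
import urllib.request

# Constructed placeholders with the same shape as real values (not credentials).
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-example-key-not-a-real-one").decode()
LOG_TYPE = "MyAppLog"  # Log Analytics stores this as the MyAppLog_CL table

# Constructed sample lines in a hypothetical "timestamp level message" format.
SAMPLE_LINES = [
    "2019-11-03T20:01:00Z INFO service started",
    "2019-11-03T20:01:05Z WARN disk usage at 91%",
    "garbage",
    "2019-11-03T20:01:09Z ERROR login failed for user alice",
]


def parse_myapp_lines(lines):
    """Turn raw log lines into JSON-serialisable records."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        parts = line.split(" ", 2)
        if len(parts) < 3:
            # Keep unparseable lines as raw text instead of silently dropping them.
            records.append({"RawLine": line})
            continue
        ts, level, msg = parts
        records.append({"EventTime": ts, "Level": level, "Message": msg})
    return records


def string_to_sign(content_length, rfc1123_date):
    """Canonical string the Data Collector API signs (method, length, type, date, path)."""
    return (f"POST\n{content_length}\napplication/json\n"
            f"x-ms-date:{rfc1123_date}\n/api/logs")


def build_authorization(workspace_id, shared_key, content_length, rfc1123_date):
    """HMAC-SHA256 with the base64-decoded workspace key, base64-encoded result."""
    decoded_key = base64.b64decode(shared_key)
    digest = hmac.new(decoded_key,
                      string_to_sign(content_length, rfc1123_date).encode("utf-8"),
                      hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(records, workspace_id=WORKSPACE_ID, shared_key=SHARED_KEY,
                  log_type=LOG_TYPE, rfc1123_date=None):
    """Return (url, headers, body) for one batch of records."""
    body = json.dumps(records)
    if rfc1123_date is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    content_length = len(body.encode("utf-8"))  # byte length, not character count
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_authorization(workspace_id, shared_key,
                                             content_length, rfc1123_date),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        "time-generated-field": "EventTime",  # use the app timestamp as TimeGenerated
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"/api/logs?api-version=2016-04-01")
    return url, headers, body


def authorization_is_well_formed(auth_header, workspace_id):
    """Check the header shape: 'SharedKey <id>:<base64 of a 32-byte HMAC>'."""
    prefix = f"SharedKey {workspace_id}:"
    if not auth_header.startswith(prefix):
        return False
    return len(base64.b64decode(auth_header[len(prefix):])) == 32


def send(url, headers, body):
    """POST the batch; needs network access and a real workspace ID/key."""
    req = urllib.request.Request(url, data=body.encode("utf-8"),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status  # 200 means the batch was accepted


if __name__ == "__main__":
    url, headers, body = build_request(parse_myapp_lines(SAMPLE_LINES))
    print(url)
    print(headers["Authorization"])
    # send(url, headers, body)  # uncomment with real credentials
```

Batching many lines per POST keeps the request count down, and the `x-ms-date` value must be current when the request is sent, since the service rejects stale dates; the date parameter on `build_request` exists only so the signing step can be checked deterministically.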
Nov 13 2019 01:37 PM
Go to this site; this is a method to ingest your custom logs:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs