Jul 02 2019 01:59 PM
Does anyone have any experience / knowledge in getting Windows Server 2012 R2 Radius Server logs, being written in ODBC format as text files, into Azure Sentinel? The online info seems to be almost non-existent.
Jul 03 2019 09:20 AM
From memory, Radius logs write to a file you name. You can then use Log Analytics to import the file as a custom log - I haven't tried it, though.
If they can be written to an EventLog, then you can just add that log again via Log Analytics.
Aug 27 2021 06:18 PM
@PeterJ_Inobits and @Anyone else finding this... query SecurityEvent in LA for where EventID == 6272 (Success) or EventID == 6273 (Fail)
Aug 31 2021 05:50 AM
Sorry, I'm not clear on "Anyone else finding this"? Generally you can query for multiple Event IDs, here are two methods:

SecurityEvent
| where EventID == 8008 or EventID == 8005
| summarize count() by EventID

SecurityEvent
| where EventID in (8008, 8005)
| summarize count() by EventID