Is it possible to import logs that are being written into an SQL server table, into Sentinel?

%3CLINGO-SUB%20id%3D%22lingo-sub-1494200%22%20slang%3D%22en-US%22%3EIs%20it%20possible%20to%20import%20logs%20that%20are%20being%20written%20into%20an%20SQL%20server%20table%2C%20into%20Sentinel%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1494200%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20an%20environment%20in%20Azure%20where%20for%20some%20reason%2C%20application%20logs%20are%20being%20written%20into%20a%20separate%20SQL%20Server%20table.%20How%20do%20we%20bring%20that%20log%20data.%20from%20a%20SQL%20server%20table%20into%20Sentinel%3F%20do%20we%20convert%20the%20table%2C%20into%20a%20flat%20file%20and%20then%20import%20or%20any%20other%20convenient%20way%20is%20possible%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

We have an environment in Azure where for some reason, application logs are being written into a separate SQL Server table. How do we bring that log data. from a SQL server table into Sentinel? do we convert the table, into a flat file and then import or any other convenient way is possible?

2 Replies

@vipsys I am not aware of a way directly, but you can use a Logic App that will read your SQL table and then copy the data into a custom log. 

 

There is a connector in Logic Apps that will allow you to kick it off when a new item is created in SQL Server. Then us the Azure Log Analytics Data Collector's Send Data action to send it to your log.