We currently send our network logs (Fortinet) to a Windows syslog server running Kiwi Syslog. Rather than creating a new VM, I would like to use this server to forward the logs to Azure Sentinel. Is this possible? It looks like the agent Azure provides only runs on Linux machines.
I believe Kiwi can forward logs to a SIEM, so can we forward the logs via Kiwi (without the agent) and then on Sentinel configure to ingest these logs?
@joshzan: unfortunately not. The agent we provide translates from Syslog to the Sentinel API. It would not be secure to use Syslog over the Internet. The one workaround is to use Logstash, which runs on Windows and can listen to Syslog and send to Sentinel.
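A Logstash pipeline for the workaround described in the answer, as an added example that is not from this thread or from Microsoft's own documentation. It assumes the legacy Log Analytics output plugin (`microsoft-logstash-output-azure-loganalytics`, which posts over HTTPS so no syslog crosses the Internet), placeholder workspace values, and a listener port other than 514 because Kiwi Syslog already owns 514 on that host; point the Fortinet unit (or a Kiwi forwarding rule) at the new port.

```conf
# Logstash pipeline (constructed example): receive Fortinet syslog on the
# existing Windows Kiwi host and forward it to Sentinel over HTTPS.
input {
  syslog {
    host => "0.0.0.0"
    # 514 is taken by Kiwi on this host, so listen on a second port (assumed).
    port => 5514
    type => "fortinet"
  }
}

filter {
  # FortiGate message bodies are space-separated key=value pairs, with
  # quoted values where a field contains spaces (e.g. msg="Connection Failed").
  kv {
    source       => "message"
    field_split  => " "
    value_split  => "="
    target       => "fortinet"
  }
}

output {
  # Legacy Log Analytics Data Collector output; values below are placeholders.
  # Records land in a custom table named <custom_log_table_name>_CL.
  microsoft-logstash-output-azure-loganalytics {
    workspace_id          => "<WORKSPACE_ID>"
    workspace_key         => "<WORKSPACE_PRIMARY_KEY>"
    custom_log_table_name => "FortinetSyslog"
  }
}
```

Keep the Fortinet-to-Logstash leg on the local network only; the part that leaves the site is the TLS-protected upload from the output plugin to the workspace.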