Server core event logs

fishermc · ‎Apr 15 2021

I have been using the Log Analytics agent to get on-premise server event logs into Sentinel and all has gone well with the exception for Server core boxes. Server Core isn't listed as supported (

https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#log-analytics-agent) so was wondering what is the best way to get server core logs over into Sentinel.

fishermc · ‎Apr 16 2021

You will need WEF/WEC but support for that will be added in a future release of the Azure Monitor Agent.

fishermc · ‎Apr 22 2021

Just curious if happen to know when that future release might be? Something like or 1 or 2 months or as long as a year?

Thanks for the response to the initial question.

CliveWatson · ‎Apr 23 2021

Sorry its an NDA item, are you a member of the Private Preview (if your company has an NDA with Microsoft, you can signup in the Azure Sentinel Portal - News & Guides - What's New - Private Preview link: https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR-kibZAPJAVBiU46J6wWF_5URDFS...)

fishermc · ‎Apr 16 2021

You will need WEF/WEC but support for that will be added in a future release of the Azure Monitor Agent.

View solution in original post

Server core event logs

Server core event logs

Re: Server core event logs

Re: Server core event logs

Re: Server core event logs

Re: Server core event logs

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Server core event logs