Data ingestion from Microsoft onprem data sources


Hi,

How can the logs be collected from the below log sources, which are on-prem sources?

Microsoft Exchange

Microsoft Skype

Microsoft Lync

Microsoft SharePoint

Microsoft SCCM (server)

Microsoft Forefront TMG

1 Reply

@pavankemi There are instructions for SCCM on this page, but that seems to be the only item listed:

Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more) - Microsoft Tech ...

If the information is not stored in the Windows Event Logs (which, unfortunately, appears to be the case), you will probably need to write your own custom data connector. This page gives you some information on how to do that:

Azure Monitor HTTP Data Collector API - Azure Monitor | Microsoft Docs
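
For readers following the reply's pointer to the HTTP Data Collector API, here is an added example (not part of the original reply and not Microsoft's sample code) of the signed request a custom connector has to build. The workspace ID, key, log type and record are constructed placeholders, and `build_request` is a hypothetical helper name.

```python
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone
from email.utils import format_datetime

API_RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"


def build_request(workspace_id, shared_key_b64, log_type, records, now=None):
    """Return (url, headers, body) for one Data Collector API POST; sends nothing."""
    # Log-Type allows only letters, digits and underscore, max 100 characters.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type):
        raise ValueError("invalid Log-Type: %r" % log_type)
    body = json.dumps(records).encode("utf-8")
    date = format_datetime(now or datetime.now(timezone.utc), usegmt=True)
    # The signature covers the method, body length, content type, date and
    # resource, not the body bytes; TLS is what protects the payload itself.
    string_to_sign = "POST\n%d\napplication/json\nx-ms-date:%s\n%s" % (
        len(body), date, API_RESOURCE)
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # lands in the workspace as <log_type>_CL
        "x-ms-date": date,
        "Authorization": "SharedKey %s:%s" % (
            workspace_id, base64.b64encode(digest).decode("ascii")),
    }
    url = "https://%s.ods.opinsights.azure.com%s?api-version=%s" % (
        workspace_id, API_RESOURCE, API_VERSION)
    return url, headers, body


if __name__ == "__main__":
    # Constructed placeholders; load the real key from a secret store, not source.
    demo_key = base64.b64encode(b"constructed-demo-key").decode("ascii")
    sample = [{"Computer": "APP01", "Source": "ExampleAppLog", "Message": "constructed"}]
    url, headers, body = build_request(
        "00000000-0000-0000-0000-000000000000", demo_key, "OnPremAppLog", sample)
    print(url)
    print(json.dumps(headers, indent=2))
```

POST `body` to `url` with these headers using any HTTP client. The shared key authorizes ingestion into the workspace, so keep it out of scripts and rotate it if it is exposed.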