Feb 07 2023 05:25 AM
Hello,
Is there a way to remove the duplication between CommonSecurity and Syslog when the log collector server is configured to forward both CEF and Syslog?
For example, an F5 WAF firewall sends Syslog in CEF format on facility Local0, which results in duplication.
We have already configured the Log Analytics agent management to fetch the Syslog of Local0, because there are different sources sending with that facility.
Is there a way to remove the duplication, taking into account that we can't change it on the source system (F5 WAF)?
Thanks.
Feb 08 2023 03:05 AM
I think you can use the data transformation with old Log Analytics agents as well, because it is done at the Azure level and not on the log forwarder.
Transform or customize data at ingestion time in Microsoft Sentinel (preview) | Microsoft Learn
Mar 16 2023 04:11 AM
This workaround gets overwritten at some point by Azure Sentinel, no?