Jan 05 2022 11:34 AM - edited Jan 05 2022 11:58 AM
Hello All,
One of our clients has a Solaris server with a custom application running on it that writes the application logs to a local application log file. We need to integrate that log file with Microsoft Sentinel. I believe the MMA agent cannot perform this job.
I think we need to install Logstash with the File Input plugin and the Azure Log Analytics output plugin and specify the path to read the log files.
My question is:
Can we install Logstash directly on the Solaris machine where the logs are available locally, or do we need to install it on a separate machine and then provide some kind of connectivity to fetch the logs from the Solaris machine so they are forwarded to Sentinel?
Also, can we use "beats"? I was thinking we could install Beats on the Solaris server to read the log files and forward them directly to Azure Sentinel rather than Beats ---> Logstash ----> Sentinel. Can we just have Beats ---> Sentinel?
Please guide since I am confused on this.
Thanks
Fahad.
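The Logstash pipeline sketched in the post, as an added example that is not code from the thread or from Microsoft's documentation: a file input tails the local application log and the Azure Log Analytics output plugin that Microsoft documents for Sentinel posts each event to a custom table. It assumes Logstash runs on a host that can read the file; the log path, sincedb path, workspace id, workspace key and table name are placeholders.

```conf
# Added example (not from the thread): tail a local application log and
# ship each line to a custom log table in the Log Analytics workspace
# behind Microsoft Sentinel.
input {
  file {
    path => "/var/log/customapp/app.log"                   # placeholder path
    start_position => "beginning"                          # read existing lines on first run
    sincedb_path => "/var/lib/logstash/sincedb-customapp"  # remembers the read offset across restarts
    type => "customapp"
  }
}

filter {
  # Tag events so the source system is visible when querying in Sentinel.
  mutate {
    add_field => { "log_source" => "solaris-customapp" }  # constructed label
  }
}

output {
  microsoft-logstash-output-azure-loganalytics {
    workspace_id => "<WORKSPACE_ID>"            # placeholder
    workspace_key => "<WORKSPACE_PRIMARY_KEY>"  # placeholder; keep this secret out of source control
    custom_log_table_name => "CustomAppLog"     # appears as CustomAppLog_CL in the workspace
  }
}
```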
Jan 05 2022 12:04 PM
Also, in the link provided by yourself under Limitations, it says "
Jun 25 2022 12:55 PM
@Gary Bushey how can we get logs present in flat files on a *nix system (on-prem) into the Sentinel workflow? Is there any specific methodology to do so?