cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

FahadAhmed
Brass Contributor

‎Jan 05 2022 11:34 AM - edited ‎Jan 05 2022 11:58 AM

‎Jan 05 2022 11:34 AM - edited ‎Jan 05 2022 11:58 AM

How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

Hello All,

 

One of our client has Solaris server with custom application running on it that is writing the application logs to local application log file. We need to integrate that log file with Microsoft Sentinel. I believe MMA agent cannot perform this job. 

I think we need to install Logstash with File Input plugin and Azure Log Analytics output plugin and specify the path to read the log files.

 

My question is :

Can we install Logstash directly on the Solaris machine where the logs are available locally?? or we need to install it on a separate machine and then provide some kind of connectivity to fetch the logs from the solaris machine so they are forwarded to Sentinel.

 

Also can we use "beats" ?? I was thinking if we can install beats on the solaris server that reads the log log files and directly forward to Azure sentinel rather than beats---> Logstash ----> sentinel. Can we just have Beats---> Sentinel????

 

Please guide since I am confused on this.

 

Thanks

Fahad.

1,182 Views
0 Likes
7 Replies
Reply
7 Replies
Gary Bushey

‎Jan 05 2022 11:58 AM

‎Jan 05 2022 11:58 AM

Re: How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

You may want to see if the Azure Monitor Agent will work for you. You can define which logs you want to ingest. https://docs.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-overview?tabs=PowerS...
0 Likes
Reply
FahadAhmed

‎Jan 05 2022 12:01 PM

‎Jan 05 2022 12:01 PM

Re: How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

Hi Gary, Thank you for the quick response. The solaris server is on premise, as far as I am aware of, AMA agent can only be installed if Azure ARC is deployed on the solaris server? Correct me if I am wrong? Thanks
0 Likes
Reply
FahadAhmed

‎Jan 05 2022 12:04 PM

‎Jan 05 2022 12:04 PM

Re: How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

Also in the link provided by yourself under Limitations , it says "

  • No support for collecting file based logs or IIS logs." so file based logs cannot be collected. Please mention if the newer versions supports this or not?
0 Likes
Reply
Gary Bushey

‎Jan 06 2022 03:41 AM

‎Jan 06 2022 03:41 AM

Re: How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

Sorry, I thought you were writing to the Windows log system. If you are just logging to a file then the AMA will not work for you.
0 Likes
Reply
SanthoshIyy

‎Jun 25 2022 12:55 PM

‎Jun 25 2022 12:55 PM

Re: How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

@Gary Bushey  how we can achieve logs present in flat files in *nix system (in on-prem) to Sentinel workflow ? Any specific methodology is there to do so ? 

0 Likes
Reply
Gary Bushey

‎Jul 01 2022 04:08 AM

‎Jul 01 2022 04:08 AM

Re: How to forward custom application logs from Solaris Web Application to Microsoft Sentinel

I don't think there is anything out of the box to handle this, but it can be done using a Logic App
0 Likes
Reply