Ingesting custom logs sources and non-Security event logs

New Contributor

Hi,

 

If we want to ingest a Windows event log that isn't Security, do we need to use some combination of WEF -> PowerShell -> Syslog -> Sentinel?

 

If we want to tail some myapp.log file, can the agent help us or is it a case of writing our own code and - again - crafting syslog messages out of each log entry to send it on to Sentinel?

3 Replies

Hi @ford8k 

 

Azure Sentinel is built using Azure Log Analytics, and that has a Windows Event Log connector (it shows up in Log Analytics not in the Sentinel connector list).  So you can use that to connect your EventLogs.  https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

It also has a custom log feature so importing Linux or Windows ascii files https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

@Roger_Fleming 

Hi all,

I am facing the same issue, I need to collect custom logs that are written by an application as Windows Events. The links that you put up is only about file based custom logs.

 

Does anyone have an input on how to do this?