Ingesting Windows Radius Server logs into Azure Sentinel

Does anyone have any experience / knowledge in getting Windows Server 2012 R2 Radius Server logs, being written in ODBC format as text files, into Azure Sentinel? The online info seems to be almost non-existent.

3 Replies

@PeterJ_Inobits 

 

From memory, Radius logs write to a file you name. You can then use Log Analytics to import the file as a custom log - I haven't tried it though.

 

If they can be written to an EventLog, then you can just add that log again via Log Analytics.

@PeterJ_Inobits and @Anyone else finding this... query SecurityEvent in LA for where EventID == 6272 (Success) or EventID == 6273 (Fail)

@JamesMarinacci 

 

Sorry, I'm not clear on "Anyone else finding this"? Generally you can query for multiple Event IDs; here are two methods:

SecurityEvent 
| where EventID == 8008 or EventID == 8005
| summarize count() by EventID 


SecurityEvent 
| where EventID in(8008, 8005)
| summarize count() by EventID
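
Added example, not part of any reply in this thread: the same multi-ID pattern applied to the Radius event IDs mentioned above (6272 success, 6273 fail), summarized per server and hour so that spikes in denied requests stand out. It assumes the Radius server's Security log is already being collected into SecurityEvent; the lookback window and the `minDenied` threshold are assumed values to tune.

```kusto
// Added example: Radius successes (6272) vs failures (6273) per server per hour.
// Uses only the standard SecurityEvent columns TimeGenerated, Computer and EventID.
let lookback = 7d;      // assumed review window
let minDenied = 20;     // assumed noise floor, tune per environment
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID in (6272, 6273)
| summarize Granted = countif(EventID == 6272),
            Denied  = countif(EventID == 6273)
          by Computer, bin(TimeGenerated, 1h)
// Share of requests in the hour that were denied
| extend DeniedPct = round(100.0 * Denied / (Granted + Denied), 1)
| where Denied >= minDenied
| order by DeniedPct desc, TimeGenerated desc
```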