Forum Discussion
Garfield-P
Dec 10, 2021 (Copper Contributor)
Log Forwarder with multiple log sources to Sentinel
Hello Community, In a Sentinel project we want to connect some OnPrem log sources to LogAnalytics / Sentinel. We have OnPrem a Linux VM that acts as a LogForwarder with Syslog-NG and the OMS Age...
SentNewbie
Feb 03, 2022 (Copper Contributor)
Hey, did you get anywhere with this?
I'm in a similar position: we've got fw logs coming through as CEF (successfully) and a Citrix Netscaler whose logs are coming into port 514, but the log forwarder is not pushing those logs to port 25226.
I've created the rules and even tried it on port 25224 (as per the Sentinel guides for Syslog) but can't seem to get the logs from incoming port 514 to 127.0.0.1:25226 and then Sentinel.
I've configured the filters using rsyslog, and added everything needed for the logs.