In a Sentinel project we want to connect some on-prem log sources to Log Analytics / Sentinel. On-prem we have a Linux VM that acts as a log forwarder with syslog-ng and the OMS Agent in version 1.13.40-0.
So kind of at the core of this setup:
We also watched this webinar, but it did not answer all of our questions.
We have successfully connected Check Point firewall logs in CEF format. Now we also want to connect Citrix NetScaler logs in Syslog format. So far we have not been successful. Can we process CEF and Syslog from multiple sources with one agent, or do we have to start the agent with the respective config for each log source?