Possible to send incoming LEEF log to (log collector server) up to Sentinel?

Hi all,

We are experimenting with an Azure Ubuntu VM as a log collector server.

Looking at syslog on the server itself, the incoming logs from the origin device look to be in LEEF format - snippet of a log entry below:

May 12 16:11:34 <IP of origin device> LEEF: 2.0|<origin system>|..........

Is it possible to have these LEEF logs sent up to Sentinel's Log Analytics workspace?

All the articles I have read seem to refer only to CEF, but nothing on LEEF?

Please advise.

Thanks in advance.

JT

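Added example, not part of the original post and not Microsoft or Azure code: a small Python parser for syslog-wrapped LEEF 1.0/2.0 lines like the snippet in the question, useful for checking on the collector what fields actually arrive (version, vendor, event ID, attributes) before deciding how to forward them. The sample line, vendor, product and attribute names are constructed.

```python
import re
from typing import Any, Dict

# Constructed sample, modelled on the snippet in the post; not a real capture.
SAMPLE_LINE = (
    "May 12 16:11:34 10.0.0.5 LEEF:2.0|ExampleVendor|ExampleProduct|1.0|"
    "LoginFailure|^|src=10.0.0.9^dst=10.0.0.5^usrName=alice^sev=5"
)

# BSD-style syslog prefix (timestamp, host) followed by the LEEF message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>LEEF:.*)$"
)
HEX_DELIM_RE = re.compile(r"0?x([0-9A-Fa-f]{2})")  # LEEF 2.0 allows e.g. x09 / 0x09


def _delimiter(field: str) -> str:
    """LEEF 2.0 header field 6: a literal character or a hex code for one."""
    hex_match = HEX_DELIM_RE.fullmatch(field)
    return chr(int(hex_match.group(1), 16)) if hex_match else field


def parse_leef(line: str) -> Dict[str, Any]:
    """Parse one syslog-wrapped LEEF line into its header fields and attributes."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog-wrapped LEEF line")
    # Header: LEEF:<ver>|Vendor|Product|Version|EventID|[delimiter|]attributes
    parts = m.group("msg").split("|", 6)
    if len(parts) < 6:
        raise ValueError("LEEF header is incomplete")
    version = parts[0][len("LEEF:"):]
    # Tab is the delimiter for LEEF 1.0 and for 2.0 when the delimiter field is omitted.
    delim = "\t"
    has_delim_field = len(parts) == 7 and (
        len(parts[5]) == 1 or HEX_DELIM_RE.fullmatch(parts[5]) is not None
    )
    if version.startswith("2") and has_delim_field:
        delim, attrs = _delimiter(parts[5]), parts[6]
    else:
        attrs = "|".join(parts[5:])  # a '|' inside the attributes is data, not a field
    attributes: Dict[str, str] = {}
    for item in attrs.split(delim):
        if "=" in item:
            key, value = item.split("=", 1)
            attributes[key.strip()] = value.strip()
    return {
        "timestamp": m.group("ts"), "host": m.group("host"), "leef_version": version,
        "vendor": parts[1], "product": parts[2], "product_version": parts[3],
        "event_id": parts[4], "attributes": attributes,
    }
```

Run it over a few lines from the collector's syslog to confirm the header fields and attribute delimiter before building any forwarding or parsing rules on top of them.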