Microsoft Tech Community

Raw Logs Extraction


Hello everybody, I'd like to understand if in Azure Sentinel there is any way to extract the raw logs, without any parsing or normalization, for example a full syslog line like the following one, rather than the table with already extracted fields (EventTime, Facility, SeverityLevel, Hostname, SyslogMessage):
<34>1 2020-10-11T22:14:15.003Z host.domain - example message
Thank you in advance for any hint.

1 Reply
I do not believe there is a way to do that inside of MS Sentinel, since the data has already been parsed once it gets there. You may be able to create a custom connector that can read the data from the Syslog server and save it in a custom table.
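One way to build the custom connector the reply suggests, as an added example that is not from this thread: a Python sketch that keeps each raw syslog line verbatim in a RawMessage field and prepares a signed request for the Log Analytics HTTP Data Collector API, which writes to a custom table (RawSyslog_CL). The workspace id, shared key and the choice of that API are assumptions; the sample line is constructed and nothing is sent.

```python
import base64, datetime, hashlib, hmac, json

# Constructed sample input: one RFC 5424 line as received from the syslog server.
RAW_LINE = "<34>1 2020-10-11T22:14:15.003Z host.domain - example message"

def build_record(raw_line):
    """Wrap one raw line in a record that keeps the original text verbatim;
    only PRI and the header are split out so the table stays queryable."""
    pri_end = raw_line.index(">")
    pri = int(raw_line[1:pri_end])
    version, timestamp, hostname, _rest = raw_line[pri_end + 1:].split(" ", 3)
    return {
        "TimeGenerated": timestamp,   # used as time-generated-field below
        "Hostname": hostname,
        "Facility": pri // 8,
        "Severity": pri % 8,
        "RawMessage": raw_line,       # untouched copy of the original line
    }

def build_authorization(workspace_id, shared_key, body, rfc1123_date):
    """SharedKey header: HMAC-SHA256 over the Data Collector API canonical string."""
    string_to_sign = (f"POST\n{len(body.encode('utf-8'))}\napplication/json\n"
                      f"x-ms-date:{rfc1123_date}\n/api/logs")
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_request(workspace_id, shared_key, records, log_type="RawSyslog"):
    """Return (url, headers, body) ready to POST; nothing is sent by this function."""
    body = json.dumps(records)
    rfc1123_date = datetime.datetime.now(datetime.timezone.utc).strftime(
        "%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_authorization(workspace_id, shared_key, body, rfc1123_date),
        "Log-Type": log_type,                    # lands in custom table RawSyslog_CL
        "x-ms-date": rfc1123_date,
        "time-generated-field": "TimeGenerated",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    # Placeholder workspace id and key (constructed; a real key is the base64 value from the portal).
    url, headers, body = build_request("00000000-0000-0000-0000-000000000000",
                                       base64.b64encode(b"placeholder-key").decode(),
                                       [build_record(RAW_LINE)])
    print(url, headers["Authorization"], body, sep="\n")
```

The Data Collector API is the older ingestion path; the same record shape can be sent through the newer Logs Ingestion API with a data collection rule instead.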