Raw Logs Extraction

Hello everybody, I'd like to understand whether there is any way in Azure Sentinel to extract the raw logs, without any parsing or normalization, for example a full syslog line like the following one, and not the table with already extracted fields (EventTime, Facility, SeverityLevel, Hostname, SyslogMessage):
<34>1 2020-10-11T22:14:15.003Z host.domain - example message

Thank you in advance for any hint.

1 Reply
I do not believe there is a way to do that inside of MS Sentinel since the data has already been parsed once it gets there. You may be able to create a custom connector that can read the data from the Syslog server and save it in a custom table.
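As an added illustration of what such a custom connector would have to do (this is not code from the thread or from Microsoft), the parser below splits an RFC 5424 syslog line into the same fields the question lists (EventTime, Facility, SeverityLevel, HostName, SyslogMessage) while keeping the untouched line in a RawMessage field. It assumes the sample line from the question, which omits the later RFC 5424 header fields (PROCID, MSGID, structured data), so everything after HOSTNAME is kept verbatim as SyslogMessage; the extra sample lines are constructed.

```python
import re
from datetime import datetime
from typing import Optional

# Facility and severity names in RFC 5424 code order (index = numeric code).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>VERSION TIMESTAMP HOSTNAME, then the rest of the line verbatim.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)


def parse_syslog(raw: str) -> Optional[dict]:
    """Return Sentinel-style fields plus the raw line, or None if the header is invalid.

    Returning None (instead of raising) lets a connector still store the raw
    text of malformed lines rather than silently dropping them.
    """
    m = HEADER.match(raw.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # PRI = facility * 8 + severity; 23 * 8 + 7 is the maximum
        return None
    facility, severity = divmod(pri, 8)
    ts = m["ts"]
    # RFC 5424 timestamps are RFC 3339; "-" is the nil value. Python < 3.11
    # does not accept a trailing "Z", so rewrite it as an explicit UTC offset.
    event_time = None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {
        "EventTime": event_time,
        "Facility": FACILITIES[facility],
        "SeverityLevel": SEVERITIES[severity],
        "HostName": None if m["host"] == "-" else m["host"],
        "SyslogMessage": m["msg"],  # APP-NAME onward, unparsed (sample omits later header fields)
        "RawMessage": raw,          # the unmodified line the question wants to keep
    }


# Constructed sample input: the line from the question plus two edge cases.
SAMPLE_LINES = [
    "<34>1 2020-10-11T22:14:15.003Z host.domain - example message",
    "<165>1 2020-10-11T22:14:16Z - app 1234 ID47 - constructed local4 notice",  # nil hostname
    "not a syslog line at all",  # no PRI header: kept raw by the caller, parsed as None
]


def parse_all(lines):
    return [parse_syslog(line) for line in lines]
```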