cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Rsyslog Linux Machine to Sentinel

gaudium91
Copper Contributor

‎Sep 05 2023 08:24 AM

‎Sep 05 2023 08:24 AM

Rsyslog Linux Machine to Sentinel

Hi All, we implement two Linux machine, one for collect log and send it to Microsoft Sentinel and another machine that send log from syslog to this collector, all works fine log sent correctly to Sentinel, but from host to Sentinel view Only Hostname but not Host IP, we have modify rsyslog.conf to modify template and send IP but not hsotname, there is a way to send both Host ip and hostname ?

 

Many Thanks,

Regard,

Guido

Labels:
179 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by gaudium91 (Copper Contributor)
Smid

‎Sep 10 2023 11:16 PM

‎Sep 10 2023 11:16 PM

Solution

Re: Rsyslog Linux Machine to Sentinel

Hello Guido,

I believe the Host IP is obtained via DNS lookup. A log collector agent (either LAA/MMA or AMA) will try to resolve the hostname within the syslog event using its hosts DNS configuration (usually configured within /etc/resolv.conf. Make sure the required search domains have been configured, and the hostname matches a record within your DNS server.

Regards,
Arjan
1 Like
Reply
gaudium91

‎Sep 11 2023 12:45 AM

‎Sep 11 2023 12:45 AM

Re: Rsyslog Linux Machine to Sentinel

Thanks a lot smid, i modify dns configuration in this file and resolve my issue :)

Many Thanks,

Guido
0 Likes
Reply