Send LEEF format Logs to Sentinel

Copper Contributor

Hi , 

How can I send LEEF format logs to Sentinel Workspace. Will I have to use Logstash and how ?

Is it possible to send it through Linux machine.

1 Reply

@Prashali_Shinde Not sure if the system you are accessing is using an API but you could look at using the Log Ingestion API (Logs ingestion API in Azure Monitor (Preview) - Azure Monitor | Microsoft Docs) which can then use a Data Collection rule to handle the formatting of the fields.

 

If you want to use Logstash, take a look at Connect data sources through Logstash to Microsoft Sentinel | Microsoft Docs