Microsoft Tech Community

Sending syslog from windows syslog server running kiwi

Copper Contributor


We currently send our network logs (Fortinet) to a Windows syslog server running Kiwi Syslog. Rather than creating a new VM, I would like to use this server to forward the logs to Azure Sentinel. Is this possible?
It looks like the agent Azure provides only runs on Linux machines.

I believe Kiwi can forward logs to a SIEM, so can we forward the logs via Kiwi (without the agent) and then on Sentinel configure to ingest these logs?

Any help would be greatly appreciated.


1 Reply

@joshzan : unfortunately not. The agent we provide translates from Syslog to the Sentinel API. It would not be secure to use Syslog over the Internet. The one workaround is to use Logstash, which runs on Windows and can listen to Syslog and send to Sentinel.
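The Logstash workaround the reply describes, shown as an added example that is not part of the thread and not Microsoft's or SolarWinds' code: Kiwi keeps receiving from the FortiGate and is given a "forward to another host" rule pointing at the loopback address, Logstash listens there and pushes the events to Sentinel over HTTPS, so no syslog ever leaves the host in clear text. It assumes the Microsoft Sentinel output plugin (`microsoft-sentinel-log-analytics-logstash-output-plugin`, which uses a Data Collection Rule and the Logs Ingestion API) is installed, that the FortiGate messages are `key=value` pairs, and that the port, table name, DCR id, endpoint and app-registration values are placeholders to be replaced; the client secret is read from an environment variable rather than written into the pipeline file.

```conf
# pipeline.conf  (example pipeline, not from the original thread)

input {
  # Kiwi's forwarding rule targets 127.0.0.1:1514 (assumed port), so the
  # listener is not reachable from the network; only the HTTPS hop leaves the box.
  syslog {
    host => "127.0.0.1"
    port => 1514
    type => "fortigate"
  }
}

filter {
  # FortiGate messages are "key=value key=value ..." (assumption about the log
  # format); split them into fields so Sentinel gets structured columns.
  kv {
    source       => "message"
    field_split  => " "
    value_split  => "="
    trim_value   => "\""
    include_keys => ["devname", "devid", "type", "subtype", "action",
                     "srcip", "srcport", "dstip", "dstport", "proto", "msg"]
  }
  # Drop fields the DCR stream does not declare, to keep payloads small.
  mutate {
    remove_field => ["facility_label", "severity_label", "priority"]
  }
}

output {
  # Placeholders: tenant/app ids, DCE URL, DCR immutable id and stream name
  # all come from your own Sentinel setup. The secret is injected from the
  # environment (Logstash expands ${VAR}) so it never sits in the config file.
  microsoft-sentinel-log-analytics-logstash-output-plugin {
    tenant_id                => "<TENANT-ID-PLACEHOLDER>"
    client_app_Id            => "<APP-ID-PLACEHOLDER>"
    client_app_secret        => "${SENTINEL_CLIENT_SECRET}"
    data_collection_endpoint => "https://<DCE-NAME-PLACEHOLDER>.ingest.monitor.azure.com"
    dcr_immutable_id         => "<DCR-IMMUTABLE-ID-PLACEHOLDER>"
    dcr_stream_name          => "Custom-FortiGateRaw_CL"
    # Only these fields are sent; they must match the columns declared in the DCR.
    key_names                => ["@timestamp", "host", "devname", "type", "subtype",
                                 "action", "srcip", "srcport", "dstip", "dstport",
                                 "proto", "msg", "message"]
    plugin_flush_interval    => 5
  }
}
```

Before wiring the DCR, run the pipeline once with `create_sample_file => true` and a `sample_file_path` in the output block: the plugin then writes a sample JSON file you can use to define the custom table's columns, and you remove the two options afterwards. Kiwi's own forwarding should stay on UDP or TCP to loopback only; the reply's point about syslog over the Internet is exactly why the Sentinel leg here is the plugin's authenticated HTTPS call and not a remote syslog target.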