Sentinel - mikrotik syslog parser

Question

Exist any way how import Mikrotik firewall log ? My Sentinel cannot correct parse input. The main data are in "SyslogMessage" cell. Some reason ?&nbsp;

clive_watson · Answer

You'll need to parse that data, some examples from other vendors are here: https://github.com/search?q=repo%3AAzure%2FAzure-Sentinel+syslog+parser+path%3A%2F%5EParsers%5C%2F%2F&amp;type=code When you have a working query to parse the data, you can save it as a function https://github.com/search?q=repo%3AAzure%2FAzure-Sentinel+syslog+parser+path%3A%2F%5EParsers%5C%2F%2F&amp;type=code

Forum Discussion

Sentinel - mikrotik syslog parser

Share

Resources