Jul 29 2019 08:37 AM
Has anybody run into an issue within syslogs where IP addresses are showing up in the SyslogMessage column, but not in the HostIP column? I am seeing ssh attempts from IPs, but the originating IP is in the SyslogMessage description while HostIP shows unknown or 127.0.0.1. I believe this could also be what is causing my potentially malicious event map to show "No Data Was Found".
Any help would be greatly appreciated!
Aug 01 2019 04:46 PM
Hi
Is this syslog from a local machine with the agent? Or syslog CEF where a message is being sent via CEF to a machine with the agent?
Either way, could you share the source message format and a screen capture of the data in the Azure Sentinel workspace?