Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

uninstall syslog connector inside Sentinel

Copper Contributor

How can I disconnect syslog connector inside the Sentinel? what are the alternative methods other than uninstalling agent inside the streaming machine? 

2 Replies
I think, but have not tried, that if you change your workspace's keys that should do it. I do not believe the keys get automatically updated in the syslog servers. Just beware that other connectors or APIs may be using those keys as well
Thank you for your direction. The connector I am using is legacy one which needs to be updated first to the latest one which will show delete option as a result. Yet, without uninstalling in the VMs and purging data in LAW, the connector does not only allow to disconnect at the Sentinel level and does not let LAW to be used only for retention purposes for now. It will remain connected and continue to ingest data and generate cost.