Windows Logs to Sentinel Through Syslog Server


Hi Team,

I am trying to send the Windows server, security, and DNS logs to our syslog server and then push them to Azure Sentinel. If someone can provide me the steps, that would be great. We are not using the agent method (data connectors) as our environment is trying to avoid that.

1 Reply

You would then need some kind of syslog forwarder on the DNS server to then push it to the Linux forwarder, I guess. Like this: https://4sysops.com/archives/forward-windows-events-to-a-syslog-server-with-free-solarwinds-event-lo...

But why would you want to avoid the OOB data connectors? All the logic provided by Sentinel solutions/connectors and the community work etc. is built upon the events as is (not being converted to syslog signals).

A bit like fueling a Formula 1 car with apple juice :)