This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 62%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
We have a use case to collect syslog data from a custom source and ingest into Sentinel. I got to know about Syslog DataConnector from here and referred its official Microsoft document which describes to use Log analytics agent(OMS agent) but from this document and other Microsoft document only I came to know about deprecation of Log analytic agent by 2024.
So, now Can you please suggest the best way to use for ingesting syslog data into sentinel received via custom syslog source and which can be certified by Microsoft to make it available on Microsoft Sentinel Repository?
I just wanted to check in and see if you had any other questions or if you had a chance to review Clive's answer?
Hello,
Please see the AMA that replaces the MMA: https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-ama This solution is available in the Portal (as a preview). If a preview isn't suitable then you can use the MMA option "legacy agent" until then.
If this helps, please "accept" the answer
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? Thank you for your time and patience throughout this.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
@Nirali Shah A syslog forwarder or Logstash forwarder are solid ways to push data into Sentinel for CEF/Syslog type. Logstash is almost the preferred way due to the data transformation feature you can leverage on Logstash, it has some really useful features where you can shape and drop logs that you simply don't need.
See reference below
https://learn.microsoft.com/en-us/azure/sentinel/connect-logstash-data-connection-rules