How to send data in syslog format to Sentinel with a Python script without going through a Linux VM?

Maxime CARMONA 60 Reputation points
2024-01-05T17:00:34.83+00:00

As part of my work I would like to send syslog data to Sentinel without going through a Linux virtual machine. I wrote a Python script that creates a socket and sends the syslog message.

There is a grey area, however, when I try to connect to my workspace: I would need the URL of my workspace, but I can't find it. I then wonder whether there is another way to connect to Azure Sentinel with a Python script using the syslog data format. Here is my code:

import socket
import time

def send_syslog_message(message, syslog_server, syslog_port):
    try:
        # Create a UDP socket
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

        # Send the syslog message
        sock.sendto(message.encode(), (syslog_server, syslog_port))

        # Close the socket
        sock.close()
        print(f"Syslog message sent successfully: {message}")
    except Exception as e:
        print(f"Error while sending the syslog message: {e}")

if __name__ == "__main__":
    # Replace these values with those of your Azure Sentinel workspace
    azure_sentinel_ip = ""
    azure_sentinel_port = 514

    # Syslog message to send (a placeholder is needed for .format() to insert the timestamp)
    syslog_message = "Hello World {}".format(int(time.time()))

    # Send the syslog message to Azure Sentinel
    send_syslog_message(syslog_message, azure_sentinel_ip, azure_sentinel_port)

1 answer

  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2024-01-08T19:10:51.6966667+00:00

    @Maxime CARMONA

    Thank you for your time and patience on this!

    I received a response from the Microsoft Sentinel team and when it comes to sending data in syslog format to Sentinel, without going through a Linux VM, you might be able to do this by sending data to Azure Monitor Logs with the Logs ingestion API.

    Azure Monitor Ingestion client library for Python - version 1.0.3

    The Logs Ingestion API in Azure Monitor lets you send data to a Log Analytics workspace using either a REST API call or client libraries. The API allows you to send data to supported Azure tables or to custom tables that you create. You can also extend the schema of Azure tables with custom columns to accept additional data.

    When it comes to using the Logs Ingestion API, I'd recommend reaching out to the Azure Monitor team via their Community forum so their experts can provide assistance as needed.

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
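The answer above points to the Logs Ingestion API rather than a raw UDP syslog socket, because a Log Analytics workspace has no syslog listener to point the original script at. The following is an added example, not the poster's script and not Microsoft's own sample code. It assumes a Data Collection Endpoint (DCE) URL, a Data Collection Rule (DCR) immutable id and a custom stream name already exist (the placeholders below are hypothetical), that the DCR stream accepts the columns produced by build_syslog_record(), and that the azure-monitor-ingestion and azure-identity packages are installed; those packages are imported lazily so the syslog parsing part runs without them. The RFC 5424 sample line is constructed for the example.

```python
"""Turn syslog lines into records for the Azure Monitor Logs Ingestion API.

Added example. Assumptions: DCE endpoint, DCR immutable id and stream name
below are placeholders; the stream schema matches build_syslog_record();
azure-monitor-ingestion and azure-identity are installed for upload_records().
"""
import re
from datetime import datetime, timezone

# Standard syslog severity (0-7) and facility (0-23) names, index == numeric code.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<pid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$"
)


def format_syslog_line(message, facility="user", severity="info",
                       host="pyhost", app="myapp"):
    """Build a well-formed RFC 5424 line (what the poster's script was aiming for)."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds").replace("+00:00", "Z")
    return f"<{pri}>1 {ts} {host} {app} - - - {message}"


def build_syslog_record(line):
    """Parse one RFC 5424 line into a dict shaped like the Sentinel Syslog columns.

    Malformed input raises ValueError instead of being uploaded as garbage.
    """
    m = _RFC5424.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # max facility 23 * 8 + max severity 7
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return {
        "TimeGenerated": m.group("ts"),
        "Facility": FACILITIES[facility],
        "SeverityLevel": SEVERITIES[severity],
        "HostName": m.group("host"),
        "ProcessName": m.group("app"),
        "ProcessID": None if m.group("pid") == "-" else m.group("pid"),
        "SyslogMessage": m.group("msg"),
    }


def upload_records(endpoint, rule_id, stream_name, records):
    """Send parsed records with LogsIngestionClient (azure-monitor-ingestion).

    Authentication uses DefaultAzureCredential, so the identity running this
    needs the Monitoring Metrics Publisher role on the DCR (assumption: RBAC
    is already set up).
    """
    from azure.core.exceptions import HttpResponseError
    from azure.identity import DefaultAzureCredential
    from azure.monitor.ingestion import LogsIngestionClient

    client = LogsIngestionClient(endpoint=endpoint, credential=DefaultAzureCredential())
    try:
        client.upload(rule_id=rule_id, stream_name=stream_name, logs=records)
    except HttpResponseError as e:
        print(f"Upload failed: {e}")
        raise


if __name__ == "__main__":
    # Hypothetical placeholders: copy the real values from your DCE and DCR in the portal.
    DCE_ENDPOINT = "https://<your-dce>.<region>-1.ingest.monitor.azure.com"
    DCR_IMMUTABLE_ID = "dcr-<immutable-id>"
    STREAM_NAME = "Custom-<your-stream>"

    # Constructed sample line, the kind a Linux host would have forwarded over UDP 514.
    sample = "<38>1 2024-01-05T17:00:34Z webserver01 sshd 1234 - - Accepted publickey for admin from 10.0.0.5"
    records = [build_syslog_record(sample), build_syslog_record(format_syslog_line("Hello World"))]
    upload_records(DCE_ENDPOINT, DCR_IMMUTABLE_ID, STREAM_NAME, records)
```

Parsing and uploading are kept separate on purpose: the PRI decoding and field extraction can be unit tested offline, and rejecting malformed lines before upload keeps the custom table from filling with unparseable rows that detection rules would never match.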

