Azure Sentinel custom logs ingestion Linux *.csv

Eduards 791 Reputation points
2021-07-22T14:20:03.56+00:00

Hello,

We configured Azure Sentinel and wanted to send custom *.csv log files from a Linux VM. I installed the MMA (OMS) agent on the Linux VM, then I created custom logs by adding a sample .csv file and configured it for the "/root/server/.csv" location.

After some time I ran my created custom_CL and there are no entries. Data from the Linux VM is not delivered to the Log Analytics workspace.

We did everything based on the documentation:
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-custom-logs

What could be the cause?

Format used - yyyy-MM-ddTHH:mm:ssK

Microsoft Security | Microsoft Sentinel

Accepted answer
  1. Eduards 791 Reputation points
    2021-07-28T08:40:08.643+00:00

    The problem was that Azure Sentinel didn't track any changes to the *.csv file. After a new file was generated, based on my custom log settings everything came to Log Analytics.

    Later I parsed this data and everything is fine.
