![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 18%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,065 questions
You might check out LogStash. That is supported. If you don't run Linux on-premises it is easy to standup a Linux VM in Azure as a log collector. It may be possible to collect Syslog on Windows with the new AMA agent at some point in the future.
Keep in mind that this data will arrive in Sentinel in a custom table if not collected with the collector agent. This is limiting since many workbooks, alert rules, hunter queries, and more are expecting Syslog to be in the standard table. Changing everything to use a CL is difficult and in some cases impossible. Best to use the standard ingestion method. Also the agent collector has buffering, compression, etc. that add value.
https://learn.microsoft.com/en-us/azure/sentinel/connect-logstash
