Is CEF connector with custom log file possible?

Jayesh Prajapati 1 Reputation point


  • I am trying to configure the CEF connector using a Linux VM as a log forwarder.
  • I am getting a Syslog folder in the connected Log Analytics workspace instead of "CommonSecurityEvent".
  • I am getting the data in that Syslog table; now what if I want to make it custom?

For example, I want to pass a log from a custom file which is in a custom location.
Can anyone please guide me on how I can configure such a scenario for the Sentinel CEF connector?
(I referred to this link to try it by myself but now working.)

Microsoft Sentinel

1 answer

  1. Clive Watson 5,801 Reputation points MVP

    Did you run the Python steps when you enabled the "Common Event Format" Data Connector in Sentinel?

    See "Run the following command to install and apply the CEF collector:" in the instructions