Is CEF connector with custom log file possible?

Jayesh Prajapati 1 Reputation point
2022-08-25T13:18:32.077+00:00

Hello,

  • I am trying to configure the CEF connector using a Linux VM as a log forwarder.
  • I am getting a Syslog folder in the connected Log Analytics workspace instead of "CommonSecurityEvent".
  • I am getting the data in that Syslog table. Now, what if I want to make it custom?

For example, I want to pass a log from a custom file which is in a custom location.
Can anyone please guide me on how I can configure such a scenario for the Sentinel CEF connector?
(I referred to this link to try it by myself, but now working.)


1 answer

  1. Clive Watson 5,801 Reputation points MVP
    2022-08-25T15:29:06.973+00:00

    Did you run the Python steps when you enabled the "Common Event Format" Data Connector in Sentinel?

    See "Run the following command to install and apply the CEF collector:" in the instructions
