[Deprecated] PostgreSQL Events connector for Microsoft Sentinel
Important
Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. For more information, see Find your Microsoft Sentinel data connector.
The PostgreSQL data connector ingests PostgreSQL server log events into Microsoft Sentinel. Refer to the PostgreSQL documentation for more information.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Kusto function alias | PostgreSQLEvent |
| Kusto function url | https://aka.ms/sentinel-postgresql-parser |
| Log Analytics table(s) | PostgreSQL_CL |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Query samples
PostgreSQL errors
```kusto
PostgreSQLEvent
| where EventSeverity in~ ('ERROR', 'FATAL')
| sort by EventEndTime
```
Vendor installation instructions
Note
This data connector depends on the PostgreSQL parser, a Kusto function, to work as expected. The parser is installed together with the solution.
- Install and onboard the agent for Linux or Windows
Install the agent on the PostgreSQL server where the logs are generated.
Logs from PostgreSQL Server deployed on Linux or Windows servers are collected by Linux or Windows agents.
Configure PostgreSQL to write logs to files
Edit the postgresql.conf file so that the server writes its logs to files:
```conf
log_destination = 'stderr'
logging_collector = on
```
Then set the log_directory and log_filename parameters. Refer to the PostgreSQL documentation for more details.
- Configure the logs to be collected
Configure the custom log directory to be collected
- Select the link above to open your workspace advanced settings
- From the left pane, select Settings, select Custom Logs and click +Add custom log
- Click Browse to upload a sample of a PostgreSQL log file. Then, click Next >
- Select Timestamp as the record delimiter and click Next >
- Select Windows or Linux and enter the path to the PostgreSQL logs based on your configuration (for example, on some Linux distributions the default path is /var/log/postgresql/)
- After entering the path, click the '+' symbol to apply, then click Next >
- Add PostgreSQL as the custom log Name (the '_CL' suffix will be added automatically) and click Done.
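Before onboarding a log file through the custom log wizard, it is worth checking that the records in it actually start with a timestamp, because the steps above rely on Timestamp as the record delimiter, and that the severity field the query sample filters on can be recovered from each record. The following Python script is an added example, not part of this page or of the Sentinel parser: it assumes the default PostgreSQL log_line_prefix of '%m [%p] ' (millisecond timestamp, then process ID), groups physical lines into records exactly as a timestamp delimiter would (continuation lines of a multi-line statement have no prefix and belong to the previous record), and applies the same ERROR/FATAL selection as the query sample. The field names EventSeverity and EventEndTime are taken from that query; ProcessId and Message are names chosen here, not the parser's schema, and the log lines are constructed.

```python
import re
from datetime import datetime

# Constructed sample of PostgreSQL stderr output written with the settings on
# this page and the default log_line_prefix = '%m [%p] ' (assumed).
# The STATEMENT record spans two physical lines: PostgreSQL indents the
# continuation with a tab and gives it no prefix, so only a timestamp-based
# record delimiter keeps it attached to the right event.
SAMPLE_LOG = (
    "2024-05-01 10:15:02.123 UTC [4321] LOG:  database system is ready to accept connections\n"
    "2024-05-01 10:15:07.456 UTC [4330] ERROR:  relation \"orders\" does not exist at character 15\n"
    "2024-05-01 10:15:07.456 UTC [4330] STATEMENT:  select *\n"
    "\tfrom orders;\n"
    "2024-05-01 10:15:09.001 UTC [4331] FATAL:  password authentication failed for user \"app\"\n"
    "2024-05-01 10:15:09.001 UTC [4331] DETAIL:  Connection matched pg_hba.conf line 90\n"
    "2024-05-01 10:15:12.789 UTC [4332] LOG:  connection received: host=10.0.0.5 port=51234\n"
)

# A record, once assembled, must start with the assumed prefix. DOTALL lets
# the message group swallow continuation lines.
RECORD_START = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<tz>[A-Z]+) "
    r"\[(?P<pid>\d+)\] (?P<sev>[A-Z0-9]+):\s+(?P<msg>.*)$",
    re.DOTALL,
)
TIMESTAMP_AT_LINE_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def split_records(text):
    """Group physical lines into records the way a 'Timestamp' record delimiter
    does: a line that starts with a timestamp opens a new record; any other
    line is appended to the current one. A continuation line seen before any
    timestamped line (e.g. the tail of a rotated file) has no record and is
    dropped."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP_AT_LINE_START.match(line):
            records.append(line)
        elif records:
            records[-1] += "\n" + line
    return records


def parse_record(record):
    """Extract the fields the query sample relies on from one record, or
    return None when the record does not carry the expected prefix (a sign
    that log_line_prefix differs from the one assumed here)."""
    m = RECORD_START.match(record)
    if m is None:
        return None
    return {
        "EventEndTime": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
        "EventSeverity": m["sev"],
        "ProcessId": int(m["pid"]),
        "Message": m["msg"],
    }


def errors(text):
    """Same selection as the page's query sample: severity ERROR or FATAL,
    matched case-insensitively like KQL's in~, newest first because KQL's
    'sort by' defaults to descending order."""
    parsed = [p for p in map(parse_record, split_records(text)) if p]
    wanted = {"ERROR", "FATAL"}
    return sorted(
        (p for p in parsed if p["EventSeverity"].upper() in wanted),
        key=lambda p: p["EventEndTime"],
        reverse=True,
    )


if __name__ == "__main__":
    for event in errors(SAMPLE_LOG):
        print(event["EventEndTime"], event["EventSeverity"], event["Message"])
```

Run it against a real file from the log_directory you configured (read the file and pass its contents to errors); if parse_record returns None for most records, the log_line_prefix on the server does not begin with a timestamp and the Timestamp delimiter chosen in the wizard will not split records as expected.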
Validate connectivity
It may take upwards of 20 minutes until your logs start to appear in Microsoft Sentinel.
Next steps
For more information, go to the related solution in the Azure Marketplace.