NXLog as a collector for Azure App Service Logs for SIEMs
Hi all,
I am new here, so hello.
I am trying to work out a solution to collect IIS Access Log data from Azure App Services and then forward to a SIEM such as Splunk, Loggly or ElasticSearch for Security analysis, Anomaly identification and alerting.
As far as I can see NXLog may provide the link between the Azure Access Logs and my chosen SIEM. Am I right? I would prefer to not get into rewriting of code, hence my interest in NXLog. In addition, it appears that NXLog is widely supported by SIEM tools.
With regards to implementation, would I be correct in thinking that one needs to set up a Linux or Windows VM on Azure with NXLog running on it? I am trying to avoid on-prem installs.
In conclusion, I would welcome your advice on how I could use NXLog as a simple collector and forwarder of Access data. One final word: the Access Logs are currently stored in Azure Storage Blobs, although I could go back to storing them in the File System.
Thanks.
Hello EdB,
We're glad to see you're interested in using NXLog. NXLog could provide a link between your access logs stored in Azure and your chosen SIEM solution. You would be correct in your thinking that you'd need a place to run NXLog, whether that be a Unix/Linux/Windows/Docker host.
You would need a method of shipping logs into NXLog; this is something that you could configure Azure OMS to do. Please refer to our documentation for details: https://nxlog.co/documentation/nxlog-user-guide#azure-oms_input
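An added example of the collector side of this setup, written for this thread and not taken from either post or from NXLog's own documentation: an NXLog configuration for the Azure VM that parses IIS W3C access logs into structured events and forwards them over TLS to a SIEM. It assumes the App Service logs have already been copied from the blob container to a local directory on the collector; the directory, field layout, SIEM hostname and CA file path are placeholders.

```nxlog
# Assumption (not from the thread): the App Service IIS/W3C logs have been
# copied from blob storage to this local directory on the collector VM.
define LOGDIR /var/log/appservice

<Extension _json>
    Module  xm_json
</Extension>

# Field list for the default IIS W3C layout; match it to the "#Fields:"
# header of your own log files (names like cs-user-agent are chosen here).
<Extension w3c>
    Module      xm_csv
    Fields      $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, \
                $s-port, $cs-username, $c-ip, $cs-user-agent, $cs-referer, \
                $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes  string, string, string, string, string, string, integer, string, \
                string, string, string, integer, integer, integer, integer
    Delimiter   ' '
</Extension>

<Input appservice_iis>
    Module  im_file
    File    "%LOGDIR%/*.log"
    <Exec>
        # W3C header and comment lines start with '#'; they are not events.
        if $raw_event =~ /^#/ drop();
        else
        {
            w3c->parse_csv();
            # Build a proper timestamp so the SIEM orders events correctly.
            $EventTime = parsedate($date + " " + $time);
            $SourceName = "AzureAppService-IIS";
            # Ship each access-log line as one JSON object.
            to_json();
        }
    </Exec>
</Input>

# TLS to the SIEM's TCP/JSON listener; hostname and CA file are placeholders.
<Output siem>
    Module  om_ssl
    Host    siem.example.com
    Port    6514
    CAFile  /etc/nxlog/ca.pem
</Output>

<Route iis_to_siem>
    Path    appservice_iis => siem
</Route>
```

Verify the SIEM's listener expects newline-delimited JSON over TLS; if it wants syslog framing instead, add `Exec to_syslog_ietf();` to the output block.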