NXLog as a collector for Azure App Service Logs for SIEMS

View thread

EdB

Hi all,

I am new here, so hello.

I am trying to work out a solution to collect IIS Access Log data from Azure App Services and then forward to a SIEM such as Splunk, Loggly or ElasticSearch for Security analysis, Anomoly identification and alerting.

As far I can see NXLog may provide the link between the Azure Access Logs and my chosen SIEM. Am I right? I would prefer to not get into rewriting of code, hence my interest in NXLog. In addition it appears that NXL:og seems to be widely supported by SIEM tools.

With regards to implementation, would I be correct in thinking that one needs to setup a Linux or WIndows VM on Azure with NXLog running on it. I am trying to avoid onprem installs.

In conclusion, I would welcome your advice on how I could use NXLog as a simple collector and forwarder of Access data. One final word, the Access Logs are currently stored in Azure Storage Blobs, although I could go back to storing them in the File System.

Thanks.