Azure Sentinel Add-On

Is there any roadmap to create a specific Add-On for Azure Sentinel? It looks like a great fit, since they are recommending Logstash and fluentd, and those are not the easiest items to manage at scale.

Asked July 31, 2020 - 2:38pm

Add and sort fields of message

Hi all,
I am using NXLog to convert logs from CEF to JSON; the output is as follows: {"SourceModuleName":"udp","timestamp":"2020-07-30T10:23:53.433042+07:00","serverity":"Low","signature":"/Execute/Query","category":"/Success","action":"keyinst","direction":"0","host":""}

Asked July 30, 2020 - 5:20am

How do I start?

I have been looking for a way of aggregating disparate logs, and according to the Web, NXLog is what I need.
I have installed NXLog Community Edition and that's it. It is running.
I had hoped for some form of web interface and, from that, a way of collecting log files.
But I cannot seem to find anything of that ilk.
I suspect I am missing something obvious, which is normal, as I am partially sighted and tend to miss the obvious.

Asked July 29, 2020 - 7:49pm

Using im_tcp as client (Connect mode instead of Listen mode)

On output modules (om_tcp or om_ssl), the "Listen" directive allows configuring the output as a server: it will listen for incoming connections.
On input modules (in_tcp or in_ssl), I don't find any "Connect" or "Listen->False" directive to configure the input as a client...
Why is it possible for output and not for input?

We have a lot of servers on the DMZ network, and they can't connect to the LAN network for security reasons.

Asked July 29, 2020 - 3:11pm

Using a regex to create a new field for syslog

I have a working configuration for sending Windows DHCP server logs to a remote syslog server, where we are combining the logs with FreeRADIUS logs for auditing and troubleshooting WiFi logon events.

Asked July 28, 2020 - 12:30pm