Hello experts, we are in the process of integrating Azure logs into ESM. I came to know that it's not a supported log source by McAfee. So does anyone here have experience of integrating Azure into ESM? Please guide me on the steps and prerequisites for this.
...we are now trying to import logs from the Azure environment to a Windows server (McAfee utility server) using a script. We are already fetching the logs using that script on an Azure VM. We have identified the URL and opened port 443 for the communication to start, but it's not working. Can you suggest the network requirements or anything else that we need to do on a server outside of Azure?
We are using a .NET script to import logs from Azure DB. The log is in IIS format, so we are using the below config:
Data source Vendor - Microsoft
Data source Model - IIS
Data Retrieval - CIFS File source
Data format - Default
We can see the logs in a Windows folder and in a tcpdump too, but we are not able to see the logs in the console. Any suggestions?
Have you tried setting Support Generic Syslogs to Log "unknown syslog" event under the data source? If the events aren't being parsed this would cause them to show up as 'Unknown' and confirm that it was parsing related.
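A pre-check for the exported file, as an added example that is not part of the thread or of any McAfee tooling: it verifies that a file written by a custom export script is self-consistent W3C extended format (the format IIS writes by default), since rows that disagree with the `#Fields` directive are likely candidates for landing as unparsed events. The function name and the sample lines are constructed for illustration, and what the ESM IIS data source actually accepts is an assumption not stated in the thread.

```python
from datetime import datetime

def check_w3c_log(text):
    """Return a list of (line_number, problem) for a W3C extended (IIS) log."""
    problems, fields = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            # Directives (#Software, #Version, #Date, #Fields); only #Fields
            # defines the column layout of the data lines that follow it.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            problems.append((n, "data line before any #Fields directive"))
            continue
        # W3C data lines are single-space separated; an unescaped space in a
        # value (URI, user agent) shifts every column after it.
        values = line.split(" ")
        if len(values) != len(fields):
            problems.append((n, f"{len(values)} values for {len(fields)} fields"))
            continue
        row = dict(zip(fields, values))
        if "date" in row and "time" in row:
            try:
                datetime.strptime(row["date"] + " " + row["time"],
                                  "%Y-%m-%d %H:%M:%S")
            except ValueError:
                problems.append((n, "unparseable date/time"))
    return problems

# Constructed sample: line 5 has an unescaped space in the URI,
# line 6 uses a non-W3C date format.
SAMPLE = (
    "#Software: Microsoft Internet Information Services 8.5\n"
    "#Version: 1.0\n"
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port"
    " cs-username c-ip sc-status\n"
    "2024-01-15 10:22:31 10.0.0.4 GET /index.html - 443 - 203.0.113.7 200\n"
    "2024-01-15 10:22:35 10.0.0.4 GET /my page.html - 443 - 203.0.113.7 200\n"
    "15/01/2024 10:22:40 10.0.0.4 POST /login - 443 - 203.0.113.7 302\n"
)

if __name__ == "__main__":
    for line_no, problem in check_w3c_log(SAMPLE):
        print(f"line {line_no}: {problem}")
```

Run it against a copy of the file the script drops in the CIFS share; a clean result points away from the file layout and toward the data source settings discussed in the reply above.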