GinoHuang-3666 asked

Forward Azure logs to non-Azure SIEM (Amazon Elasticsearch)

Hi,

I want to centralize logs in Amazon Elasticsearch. How can I forward Azure logs there? It does not seem to be listed in the partner tools with Azure Monitor integration.

Can Azure actively send records or query from AWS?

I already have Azure Monitor.



PRADEEPCHEEKATLA-MSFT answered

Hello @GinoHuang-3666,

Welcome to the Microsoft Q&A platform.

Unfortunately, you cannot forward Azure Logs to non-Azure SIEM.

Using Azure Monitor to route monitoring data to an Azure Event Hub allows you to easily integrate with some external SIEM and monitoring tools. The following partners are known to have integration via Event Hub.

[Image: 75825-image.png]

I would suggest you provide feedback on the same:

https://feedback.azure.com/forums/911458-event-hubs

All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

Hope this helps. Do let us know if you have any further queries.


Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.



Hello @GinoHuang-3666,

Just checking in to see if the above answer helped. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.


Hello @PRADEEPCHEEKATLA-MSFT

"Syslog server" is shown in your Event Hub integration list picture. Does that mean I can build an Azure VM running a syslog service (like rsyslog) and forward Azure logs into it? If not, what does "Syslog server" mean?


Hello @GinoHuang-3666,

Thanks for the follow-up question.

We are reaching out to the internal team to get more help on this, I will update you once we hear back from them.


Hello @GinoHuang-3666,

We are still waiting for an update from the internal team. I will get back to you once we hear back from them.

Stay tuned!

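The answer above mentions routing Azure Monitor data to an Event Hub for external tools. The following is an added example, not part of the original thread or any Microsoft or AWS code: it converts one Event Hub message body into Elasticsearch `_bulk` NDJSON. It assumes the body uses the Azure Monitor `{"records": [...]}` envelope; the function name, the `azure-logs` index prefix and the sample records are constructed for illustration, and reading from the Event Hub and posting to the cluster are left to the caller.

```python
import hashlib
import json

# Constructed sample: one Event Hub message body carrying three records.
SAMPLE_BODY = json.dumps({"records": [
    {"time": "2021-03-10T08:15:30Z", "category": "AuditEvent",
     "resourceId": "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/RG/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/KV-EXAMPLE",
     "operationName": "SecretGet", "resultType": "Success",
     "callerIpAddress": "203.0.113.7"},
    {"time": "2021-03-11T23:59:59Z", "category": "AuditEvent",
     "operationName": "SecretList", "resultType": "Forbidden",
     "callerIpAddress": "198.51.100.24"},
    {"operationName": "record-without-timestamp"},
]}).encode("utf-8")


def to_bulk_ndjson(event_body, index_prefix="azure-logs"):
    """Return (ndjson, skipped) for one message body; ndjson is "" if nothing is indexable."""
    try:
        envelope = json.loads(event_body)
    except (ValueError, TypeError):
        return "", 1  # not JSON: count the whole message as skipped
    records = envelope.get("records") if isinstance(envelope, dict) else None
    if not isinstance(records, list):
        return "", 1
    lines, skipped = [], 0
    for rec in records:
        ts = rec.get("time") if isinstance(rec, dict) else None
        if not isinstance(ts, str) or len(ts) < 10:
            skipped += 1  # no usable timestamp: cannot pick a daily index
            continue
        # Event Hubs delivers at least once, so derive _id from the record
        # content: a redelivered record overwrites itself instead of duplicating.
        canonical = json.dumps(rec, sort_keys=True, separators=(",", ":"))
        doc_id = hashlib.sha256(canonical.encode("utf-8")).hexdigest()
        index = f"{index_prefix}-{ts[:10].replace('-', '.')}"
        doc = dict(rec)
        doc["@timestamp"] = ts
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps(doc))
    return ("\n".join(lines) + "\n" if lines else ""), skipped


if __name__ == "__main__":
    ndjson, skipped = to_bulk_ndjson(SAMPLE_BODY)
    print(ndjson, end="")
    print(f"skipped={skipped}")
```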
GinoHuang-3666 answered

Hello @PRADEEPCHEEKATLA-MSFT

Thanks, I will try to see if it is available.
