Connect your Squid Proxy to Azure Sentinel
This article explains how to connect your Squid Proxy appliance to Azure Sentinel. The Squid Proxy data connector allows you to easily connect your Squid logs with Azure Sentinel, so that you can view the data in workbooks, use it to create custom alerts, and incorporate it to improve investigation. Integration between Squid Proxy and Azure Sentinel makes use of local file processing by the Log Analytics agent.
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
- You must have read and write permission on the Azure Sentinel workspace.
Forward Squid Proxy logs to the Log Analytics agent
Configure Squid Proxy to send log files to your Azure workspace via the Log Analytics agent.
In the Azure Sentinel navigation menu, select Data connectors.
From the Data connectors gallery, select the Squid Proxy (Preview) connector, and then Open connector page.
Follow the instructions on the Squid Proxy connector page:
Install and onboard the agent for Linux
- Choose an Azure Linux VM or a non-Azure Linux machine (physical or virtual).
Configure the logs to be collected
- In the workspace advanced settings, add a custom log type, upload a sample file, and configure as directed.
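Before uploading the sample file, it helps to confirm that every line in it is one well-formed access-log record. The following is an added example, not part of the connector instructions: it assumes Squid's default native `squid` logformat, and `check_sample` and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumption: Squid's default native "squid" logformat, one record per line:
# time elapsed client result/status bytes method URL user hierarchy/peer type
NATIVE = re.compile(
    r"^(?P<ts>\d+\.\d{3})\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# Constructed sample: three access.log records and one stray daemon message.
SAMPLE = """\
1612345678.123    245 10.0.0.5 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1612345679.456     12 10.0.0.7 TCP_DENIED/403 3900 CONNECT blocked.example.net:443 - HIER_NONE/- text/html
1612345680.001 87 10.0.0.5 TCP_TUNNEL/200 39411 CONNECT login.example.org:443 alice HIER_DIRECT/203.0.113.10 -
Feb 03 10:15:00 proxy squid[812]: Starting Squid Cache
"""

def check_sample(text):
    """Return (parsed records, [(line_no, line)] that are not native records)."""
    good, bad = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines are neither records nor errors
        m = NATIVE.match(line.strip())
        if not m:
            bad.append((no, line))
            continue
        rec = m.groupdict()
        # Squid writes seconds since the epoch with millisecond precision.
        rec["time"] = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
        rec["status"] = int(rec["status"])
        rec["bytes"] = int(rec["bytes"])
        good.append(rec)
    return good, bad

if __name__ == "__main__":
    records, rejects = check_sample(SAMPLE)
    print(f"{len(records)} records parsed, {len(rejects)} rejected")
    for no, line in rejects:
        print(f"  line {no}: {line}")
```

A rejected line usually means the file mixes in another log or Squid is using a customised `logformat`; fix that before defining the custom log type so the collected records parse consistently.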
Find your data
After a successful connection is established, the data appears in Logs, under Custom Logs, in the
See the Next steps tab in the connector page for some useful sample queries.
It may take up to 20 minutes until your logs start to appear in Log Analytics.
In this document, you learned how to connect Squid Proxy to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.