Forward Azure logs to non-Azure SIEM (Amazon Elasticsearch)

Gino Huang 1

Hi,

I want centralized logs to Amazon Elasticsearch, how to forward Azure logs to there? It seems not list in the partner tools with Azure Monitor integration.

Did Azure can actively send records or query from AWS?

I already have Azure Monitor.

2 answers

PRADEEPCHEEKATLA-MSFT 84,456 Reputation points Microsoft Employee

2021-03-09T12:15:05.503+00:00

Hello @Gino Huang ,

Welcome to the Microsoft Q&A platform.

Unfortunately, you cannot forward Azure Logs to non-Azure SIEM.

Using Azure Monitor to route monitoring data to an Azure Event Hub allows you to easily integrate with some external SIEM and monitoring tools. The following partners are known to have integration via Event Hub.

.

I would suggest you to provide feedback on the same:

https://feedback.azure.com/forums/911458-event-hubs

All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

Hope this helps. Do let us know if you any further queries.

------------

Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.
Please sign in to rate this answer.
PRADEEPCHEEKATLA-MSFT 84,456 Reputation points Microsoft Employee

2021-03-10T11:56:45.38+00:00

Hello @Gino Huang ,

Just checking in to see if the above answer helped. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

Gino Huang 1 Reputation point

2021-03-11T02:39:54.323+00:00

Hello @PRADEEPCHEEKATLA-MSFT

"Syslog server" shown on your Event Hub integration list pic. Is that means I can build an Azure VM run syslog service (like rsyslog) and forward Azure logs into it? If no, what is "Syslog server" means?

PRADEEPCHEEKATLA-MSFT 84,456 Reputation points Microsoft Employee

2021-03-11T03:49:48.587+00:00

Hello @Gino Huang ,

Thanks for the follow-up question.

We are reaching out to the internal team to get more help on this, I will update you once we hear back from them.

PRADEEPCHEEKATLA-MSFT 84,456 Reputation points Microsoft Employee

2021-03-15T09:09:24.22+00:00

Hello @Gino Huang ,

We are still waiting for an update from internal team. I will get back to you once we hear back from them.

Stay tuned!

PRADEEPCHEEKATLA-MSFT 84,456 Reputation points Microsoft Employee

2021-03-22T04:47:32.327+00:00

Hello @Gino Huang ,

The Azure monitor will send metrics to Event Hub. The Event Hub messages will trigger this Javascript Azure Function that will convert the message to syslog format and send to the correct server.

Note: To send the syslog messages to an internal server in a VNET, configure the Function App with VNET integration.

PRADEEPCHEEKATLA-MSFT 84,456 Reputation points Microsoft Employee

2021-03-23T04:14:24.483+00:00

Hello @Gino Huang ,
Following up to see if the above suggestion was helpful. And, if you have any further query do let us know.
Take care & stay safe!
Sign in to comment
Gino Huang 1 Reputation point

2021-03-29T02:03:39.43+00:00

Hello @PRADEEPCHEEKATLA-MSFT

Thanks, I will try to see if it is available.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Forward Azure logs to non-Azure SIEM (Amazon Elasticsearch)

2 answers