Direct Active directory logs vs via Syslog server to Sumo Logic

Follow
Avatar
Ramesh Pendela
  • Edited

Hello Sumo Community,

Need help and trying to figure it out the way, called sumo support but didn't get the answer.

We are forwarding active directory logs to Syslog server (Linux) using datagram open source and sumo logic is collecting the logs from Syslog.

problem here is when trying to parse the info about active directory using AD app in sumo, it is not working because the Active directory logs are changed and appearing in different format (like no EventID, no spaces between some tags).

Our AD does not have any internet connection and AD, Rsyslog servers are in same LAN (Rsyslog server has internet connection) and we are not allowed to install windows agent/remote agent to collect the logs from AD.

Is there a way to get the logs to rsyslog server without any changes in log format (I mean as it is), or sumo logic regex/parse format if you gone through with same scenario.

 

Thanks in advance,

 

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Ryan Johnson

    Hi Ramesh - Can I get you to post an example AD message here please?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post