Possible to send incoming LEEF log to (log collector server) up to Sentinel?


Hi all,

We are experimenting with an Azure Ubuntu VM as a log collector server.

Looking at syslog on the server itself, the incoming logs from the origin device look to be in LEEF format. A snippet of the log entry is below:

May 12 16:11:34 <IP of origin device> LEEF: 2.0|<origin system>|..........


Is it possible to have these LEEF logs sent up to Sentinel's Log Analytics workspace?

All the articles I read seem to only refer to CEF, but nothing on LEEF?


Please advise.


Thanks in advance.
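Whichever path ends up forwarding these lines, it is useful to be able to recognise and parse LEEF on the collector itself, so you can confirm what the origin device is actually emitting and which attributes it carries before deciding how to map them. The following is an added example, not code from the post or from Microsoft or any vendor; the sample syslog lines, vendor and product names, and IP addresses are constructed. It goes slightly beyond the post's snippet by handling both LEEF 1.0 (always tab-delimited) and LEEF 2.0 (delimiter declared in the header, either a literal character or a hex code), and by telling LEEF lines apart from CEF ones.

```python
import re
from typing import Dict, Optional

# Constructed sample lines (not from the post): a LEEF 2.0 event using "^" as the
# attribute delimiter, a LEEF 1.0 event (tab-delimited by definition), a LEEF 2.0
# event whose delimiter is given as a hex code, and a CEF line for contrast.
SAMPLE_LEEF20 = ("May 12 16:11:34 10.0.0.5 LEEF:2.0|ExampleVendor|ExampleFW|1.0|deny|^|"
                 "src=10.1.1.9^dst=10.2.2.7^proto=TCP^act=blocked")
SAMPLE_LEEF10 = "May 12 16:11:35 10.0.0.5 LEEF:1.0|ExampleVendor|ExampleFW|1.0|allow|src=10.1.1.9\tdst=10.2.2.8"
SAMPLE_LEEF_HEX = "May  2 09:05:01 10.0.0.5 LEEF: 2.0|ExampleVendor|ExampleIdP|3.1|login|x09|usrName=alice\tsev=3"
SAMPLE_CEF = "May 12 16:11:36 10.0.0.5 CEF:0|ExampleVendor|ExampleFW|1.0|100|deny|5|src=10.1.1.9"

# Classic syslog prefix as shown in the post: "<Mon> <day> <hh:mm:ss> <host> <message>"
SYSLOG_PREFIX = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
# Start of a LEEF header; a space after the colon is tolerated, as in the post's snippet ("LEEF: 2.0|")
LEEF_START = re.compile(r"^LEEF:\s*(?P<ver>1\.0|2\.0)\|")
# Pipes inside header fields are escaped as "\|"; only unescaped pipes separate fields
UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")


def classify(line: str) -> str:
    """Return 'LEEF', 'CEF' or 'other' for one syslog line."""
    m = SYSLOG_PREFIX.match(line)
    msg = m.group("msg") if m else line
    if LEEF_START.match(msg):
        return "LEEF"
    if msg.startswith("CEF:"):
        return "CEF"
    return "other"


def resolve_delimiter(field: str, version: str) -> str:
    """LEEF 1.0 always separates attributes with a tab. LEEF 2.0 names its delimiter
    in the header: a single literal character, a hex code such as x09 / 0x09, or an
    empty field, which means tab."""
    if version == "1.0" or field == "":
        return "\t"
    hexcode = re.fullmatch(r"0?x([0-9A-Fa-f]{2,4})", field)
    if hexcode:
        return chr(int(hexcode.group(1), 16))
    return field


def parse_leef(line: str) -> Optional[Dict[str, object]]:
    """Parse one syslog line carrying a LEEF event; return None if it is not well-formed LEEF."""
    event: Dict[str, object] = {}
    m = SYSLOG_PREFIX.match(line)
    if m:
        event["syslog_timestamp"] = m.group("ts")
        event["syslog_host"] = m.group("host")
        msg = m.group("msg")
    else:
        msg = line  # no syslog prefix: treat the whole line as the message
    start = LEEF_START.match(msg)
    if not start:
        return None
    version = start.group("ver")
    # Header layout: Vendor|Product|Version|EventID|[Delimiter|]Attributes.
    # Stop splitting once the attribute section begins, since values may contain raw pipes.
    n_header = 5 if version == "2.0" else 4
    parts = UNESCAPED_PIPE.split(msg[start.end():], maxsplit=n_header)
    if len(parts) != n_header + 1:
        return None  # truncated or malformed header

    def unescape(field: str) -> str:
        return field.replace("\\|", "|")

    event["leef_version"] = version
    event["vendor"], event["product"], event["product_version"], event["event_id"] = map(unescape, parts[:4])
    delimiter = resolve_delimiter(parts[4] if version == "2.0" else "", version)
    event["delimiter"] = delimiter
    attrs: Dict[str, str] = {}
    for item in parts[-1].split(delimiter):
        if not item:
            continue
        key, sep, value = item.partition("=")  # split on the first "=" only; values may contain "="
        if sep:
            attrs[key.strip()] = value
    event["attributes"] = attrs
    return event


if __name__ == "__main__":
    for sample in (SAMPLE_LEEF20, SAMPLE_LEEF10, SAMPLE_LEEF_HEX, SAMPLE_CEF):
        print(classify(sample), parse_leef(sample))
```

Running it against the collector's syslog file (one line per call to `parse_leef`) shows the vendor, product, event ID and attribute keys each source actually sends; lines that come back as `None` or classify as `other` are the ones to look at before assuming every device speaks CEF.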

