Using NXLog to enhance Azure Sentinel’s ingestion capabilities
This blog post was written as a proof of concept. The goal was to use NXLog's support for scripting languages such as Perl (see the xm_perl module) to meet the authentication requirements of the Azure Monitor HTTP Data Collector API when forwarding external log sources to Microsoft Sentinel.
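The authentication requirement the proof of concept had to meet is the HTTP Data Collector API's "SharedKey" scheme: an HMAC-SHA256 over a fixed string-to-sign, keyed with the Base64-decoded workspace shared key. The stand-alone Perl below is an added example (not code from the original post or from NXLog) showing that computation end to end with only core Perl modules; the workspace ID, shared key and log record are constructed placeholders, and the `build_*` subroutine names are this example's own.

```perl
#!/usr/bin/perl
# Added example: building the "SharedKey" Authorization header and the full
# request for the Azure Monitor HTTP Data Collector API in plain Perl.
# Not code from the original post or from NXLog; all identifiers below are
# made-up placeholders.
use strict;
use warnings;
use Digest::SHA  qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);
use POSIX        qw(strftime);
use Encode       qw(encode);

# Constructed placeholders. A real shared key is the Base64 string shown under
# "Agents management" in the Log Analytics workspace; it is a long-lived secret
# and should be loaded from a protected file or secret store, not hard-coded.
my $workspace_id = '00000000-0000-0000-0000-000000000000';
my $shared_key   = encode_base64('0123456789abcdef0123456789abcdef', '');

# The string-to-sign, exactly as the API expects it:
#   METHOD \n content-length \n content-type \n x-ms-date:<RFC 1123 date> \n resource
sub build_string_to_sign {
    my ($content_length, $date) = @_;
    return join("\n", 'POST', $content_length, 'application/json',
                "x-ms-date:$date", '/api/logs');
}

# HMAC-SHA256 over the string-to-sign, keyed with the Base64-decoded shared key,
# then Base64-encoded (no trailing newline) and prefixed with the workspace ID.
sub build_authorization {
    my ($ws_id, $b64_key, $content_length, $date) = @_;
    my $key = decode_base64($b64_key);
    my $sig = encode_base64(
        hmac_sha256(build_string_to_sign($content_length, $date), $key), '');
    return "SharedKey $ws_id:$sig";
}

# Assemble URL, headers and body for a JSON array of events. The signed
# content length must be the length in bytes of the UTF-8 body, so the body
# is encoded first and that byte string is what gets sent.
sub build_request {
    my ($ws_id, $b64_key, $log_type, $json_body) = @_;
    my $date  = strftime('%a, %d %b %Y %H:%M:%S GMT', gmtime());
    my $bytes = encode('UTF-8', $json_body);
    my $len   = length($bytes);
    return {
        url     => "https://$ws_id.ods.opinsights.azure.com/api/logs?api-version=2016-04-01",
        headers => {
            'Content-Type'  => 'application/json',
            'Log-Type'      => $log_type,   # data lands in the <Log-Type>_CL custom table
            'x-ms-date'     => $date,       # must match the date inside the signature
            'Authorization' => build_authorization($ws_id, $b64_key, $len, $date),
        },
        body => $bytes,
    };
}

# Constructed sample record, in the shape NXLog's to_json() produces for one event.
my $body = '[{"EventTime":"2021-02-02T10:00:00Z","Hostname":"web01",'
         . '"Severity":"WARNING","Message":"sshd: failed login"}]';
my $req  = build_request($workspace_id, $shared_key, 'NxlogDemo', $body);

print "POST $req->{url}\n";
print "$_: $req->{headers}{$_}\n" for sort keys %{ $req->{headers} };
print "\n$req->{body}\n";
```

Run it with `perl sharedkey.pl`; it prints the request a client would send (the actual HTTP call is left out so the example runs offline). The signature covers only method, length, content type, date and path, so a tampered body of the same byte length would still verify; TLS, not the signature, is what protects the payload in transit. Note that this scheme applies only to the HTTP Data Collector API; the newer Logs Ingestion API authenticates with bearer tokens instead.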
As we have come to expect from the world of IT, anything older than 2 years is probably deprecated at best. In this case, quite a few things have changed:
- Microsoft rebranded "Azure Sentinel" as Microsoft Sentinel.
- NXLog used the learnings from this proof of concept to write a native om_azure module, making this post obsolete.
- Microsoft is now promoting a new, improved data ingestion API (the Logs Ingestion API) that may eventually replace the HTTP Data Collector API. See Migrate from the HTTP Data Collector API to the Logs Ingestion API to send data to Azure Monitor Logs.
Publisher: Microsoft Tech Community’s Microsoft Sentinel Blog
Published: 02 February 2021