Dear Jan,
Thanks a lot for your help. I have requested the sample CEF log. In the meantime, if you have any document that maps the ELFF variables to CEF, kindly share it with me.
Regards
Shabeeb Kunhipocker
Senior Security Architect
P.O. Box 9307, Doha, Qatar
T +974 4407 3111 x 6177
M +974 33198481
E shabeeb@gbmqatar.com | WEBSITE www.gbmqatar.com | LINKEDIN www.linkedin.com/company/gbmqatar
General Marketing & Services Representative for IBM WTC
Please consider the environment before printing this email.
Original Message:
Sent: 5/19/2025 5:41:00 AM
From: Jan Turba
Subject: RE: Sending Proxy Access Logs to Azure Sentinel
Hi Shabeeb,
You can modify the format on the proxy to whatever you want on the remote end. So just customise it to fit your need. Example:
Server wants log to look like this: "user=var, client_IP=var"
Modify the proxy format to look like this: "user=$(cs-username), client_IP=$(c-ip)"
Give me an example of logs from Sentinel and I can respond with the format to configure on the proxy.
Hope that helps.
-Jan
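As an added illustration of the approach Jan describes (example code, not from the thread, the proxy vendor or Microsoft): a Python dry run that applies a CEF-shaped format string with $(elff-variable) placeholders to a constructed ELFF record, applies the escaping CEF expects for header and extension values, and checks that the result splits back into seven header fields plus an extension. The vendor/product/version strings, the severity, the chosen CEF extension keys and the sample record are assumptions for the example.

```python
import re
import shlex

# Constructed sample ELFF access log (not from the thread): a #Fields directive plus one record.
ELFF_SAMPLE = """#Fields: date time c-ip cs-username cs-method cs-uri sc-status s-action
2025-05-14 10:45:00 10.0.0.25 jdoe GET http://example.com/search?q=a|b 403 TCP_DENIED"""

# Assumed CEF layout using $(elff-variable) placeholders, as in the proxy format string.
# Vendor, product, version and severity are placeholders, not values from the thread.
CEF_HEADER = ["CEF:0", "Symantec", "ProxySG", "1.0", "$(s-action)", "Proxy access", "3"]
CEF_EXTENSION = ("src=$(c-ip) suser=$(cs-username) requestMethod=$(cs-method) "
                 "request=$(cs-uri) cn1=$(sc-status) cn1Label=sc-status")
PLACEHOLDER = re.compile(r"\$\(([\w-]+)\)")

def parse_elff(text):
    """One dict per record, keyed by the #Fields names; '-' is ELFF's empty value."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = shlex.split(line)  # honours ELFF's double-quoted strings
            records.append({k: ("" if v == "-" else v) for k, v in zip(fields, values)})
    return records

# CEF escaping: header values escape '|' and '\'; extension values escape '=', '\' and newlines.
def cef_header_escape(value):
    return value.replace("\\", "\\\\").replace("|", "\\|")

def cef_ext_escape(value):
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def render(template, record, escape):
    """Substitute $(var) from the record, escaping for the CEF position. The proxy inserts
    raw values, so any field that can carry '|' or '=' (URIs, user agents) needs attention."""
    return PLACEHOLDER.sub(lambda m: escape(record.get(m.group(1), "")), template)

def to_cef(record):
    header = "|".join(render(part, record, cef_header_escape) for part in CEF_HEADER)
    return header + "|" + render(CEF_EXTENSION, record, cef_ext_escape)

def parse_cef(line):
    """Split a CEF line into its 7 header fields and the extension, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while len(parts) < 7 and i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2; continue
        if line[i] == "|":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(line[i])
        i += 1
    return parts, line[i:]
```

Running parse_cef over the rendered line is the check to repeat on real output from the proxy before pointing it at the Sentinel collector, since the proxy will not escape the values for you.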
Original Message:
Sent: May 14, 2025 10:45 AM
From: shabeeb kunhipocker
Subject: Sending Proxy Access Logs to Azure Sentinel
Hello,
We have a requirement to forward the Symantec Proxy access logs to Microsoft Sentinel, and Sentinel supports the CEF log format. In the proxy we have support only for the ELFF format, so I would like to know whether anyone has forwarded the proxy logs to Sentinel in CEF format. Please help.
Thanks and Regards
Shabeeb