Do we need which to write here the syslog server or the IP address of the Sophos FW device?

[ceritmustafa]

Do we need which to write here the syslog server or the IP address of the Sophos FW device?

Which one should we write? IP or hostname? @preetikr

For example: | where Computer in **("server1, server2**") and Facility == "local0"

Originally posted by @ceritmustafa in https://github.com/Azure/Azure-Sentinel/issues/1008#issuecomment-715312058

[github-actions[bot]]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[v-rbajaj]

@ceritmustafa Generally, it is the hostname. Check in log analytics what type of value is generating in computer attribute. As per my knowledge in case of Sophos XG we receive IP Address. So it recommented to use Server IP.

[github-actions[bot]]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[v-amolpatil]

Since we have not received a response in the last 5 days, we are closing your issue #1210 as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.

[github-actions[bot]]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.