none
Difference between xxxJson and xxxJsonLD folders RRS feed

  • Question

  • Hi, all. I feel like this is a very stupid, basic question but I haven't found anything in the docs to answer my question. I've got AzLog writing JSON files to the AzureResourceManagerJson and AzureResourceManagerJsonLD folders. What's the difference between the two??? Is it just two different formats? We're going to be using a file parser to bring them into McAfee ESM but I'm not sure which files to utilize for this.

    Thanks for the help. :-)

    Brian


    Brian Laws (Sr. Principal Cloud Computing Engineer, SAIC)

    Friday, June 15, 2018 4:29 PM

Answers

  • Hi Brian, Yes the only difference is that the logs written into "AzureResourceManagerJsonLD" are in JSON Line Delimited format

    Noteworthy: AzLog will be deprecated in Calendar year 2019. Azure Monitor will be the replacement going forward. I would recommend taking a look at Azure monitor to meet your Log integration w/ SIEM needs.More information HERE 

    https://docs.microsoft.com/en-us/azure/security/security-azure-log-integration-faq

    Cheers.

    Monday, June 18, 2018 8:00 PM
    Moderator

All replies

  • Hi Brian, Yes the only difference is that the logs written into "AzureResourceManagerJsonLD" are in JSON Line Delimited format

    Noteworthy: AzLog will be deprecated in Calendar year 2019. Azure Monitor will be the replacement going forward. I would recommend taking a look at Azure monitor to meet your Log integration w/ SIEM needs.More information HERE 

    https://docs.microsoft.com/en-us/azure/security/security-azure-log-integration-faq

    Cheers.

    Monday, June 18, 2018 8:00 PM
    Moderator
  • Ah! That makes a lot of sense. I appreciate the answer!

    Yeah, we know that AzLog is deprecating. The problem is that my customer is using a SIEM tool that doesn't have direct support for Azure yet. Fingers crossed that they get it done before 6/1/19! 

    Brian


    Brian Laws (Sr. Principal Cloud Computing Engineer, SAIC)

    Monday, June 18, 2018 8:03 PM