https://github.com/hazcod/tail2sen
Go program that fetches Tailscale audit & network logs to ingest into Microsoft Sentinel SIEM.
https://github.com/hazcod/tail2sen
Last synced: 4 months ago
JSON representation
Go program that fetches Tailscale audit & network logs to ingest into Microsoft Sentinel SIEM.
- Host: GitHub
- URL: https://github.com/hazcod/tail2sen
- Owner: hazcod
- Created: 2023-11-28T07:01:12.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-04-04T06:53:52.000Z (about 1 year ago)
- Last Synced: 2025-04-04T07:34:08.383Z (about 1 year ago)
- Language: Go
- Size: 137 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# tail2sentinel
A Go program that exports Tailscale network logs and events to Microsoft Sentinel SIEM.
Two tables are used; `TailscaleAudit` for audit logs and `TailscaleNetwork` for network logs.
## Running
First create a yaml file, such as `config.yml`:
```yaml
log:
level: INFO
microsoft:
app_id: ""
secret_key: ""
tenant_id: ""
subscription_id: ""
audit_output:
resource_group: ""
workspace_name: ""
dcr:
endpoint: ""
rule_id: ""
stream_name: ""
expires_months: 6
update_table: false
network_output:
resource_group: ""
workspace_name: ""
dcr:
endpoint: ""
rule_id: ""
stream_name: ""
expires_months: 6
update_table: false
tailscale:
tailnet: ""
client_id: ""
client_secret: ""
lookback_days: 30
```
And now run the program from source code:
```shell
% make
go run ./cmd/... -config=dev.yml
INFO[0000] shipping logs module=sentinel_logs table_name=TailscaleLogs total=82
INFO[0002] shipped logs module=sentinel_logs table_name=TailscaleLogs
INFO[0002] successfully sent logs to sentinel total=82
```
Or binary:
```shell
% tail2sen -config=config.yml
```
## Building
```shell
% make build
```