Will_Network
Oct 29, 2020, Copper Contributor
Azure Sentinel Linux Syslog agent configuration
Hello All, I'm looking for help with trying to ingest Cisco NGFWv syslog messages in Azure Sentinel. I've configured my Linux Syslog agent to collect my Common Event Format (CEF) Syslog messages an...
moshabi
Nov 03, 2020, Former Employee
It seems like your machine does not get CEF messages:
- "Could not locate "CEF" message in tcpdump"
- "Error: no CEF messages received by the daemon."
Can you please make sure that Cisco NGFWv can send CEF formatted messages? In case it's not supported I suggest sending the events to the Syslog table (instead of CommonSecurityLog).
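The reply above hinges on one question: are the lines reaching the agent actually CEF, or plain syslog? The following is an added example (not from the original thread, and not Microsoft's or Cisco's code) that does that check offline. It parses the CEF header (`CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension`) and sorts captured syslog lines into CEF events and non-CEF lines, the same distinction the "no CEF messages received" error is making. The sample lines, vendor and product names are constructed for illustration; real lines would come from a tcpdump capture on the agent or from the agent's local log.

```python
import re
from dataclasses import dataclass, field

# A CEF payload starts with "CEF:<version>|" somewhere after the syslog header.
_CEF_START = re.compile(r"CEF:(\d+)\|")
# Header fields are pipe-separated; a literal pipe inside a field is escaped as "\|".
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
# Extension is "key=value key2=value2 ..."; values may contain spaces, so split
# before the next "key=" token rather than on every whitespace.
_EXT_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


@dataclass
class CefEvent:
    version: int
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extensions: dict = field(default_factory=dict)


def _unescape(field_text: str) -> str:
    """Undo CEF header escaping of pipes and backslashes."""
    return field_text.replace("\\|", "|").replace("\\\\", "\\")


def parse_cef(line: str):
    """Return a CefEvent if the syslog line carries a CEF payload, else None."""
    m = _CEF_START.search(line)
    if not m:
        return None
    rest = line[m.end():]
    # Seven header fields follow the version: six pipe-terminated ones plus the extension.
    parts = _UNESCAPED_PIPE.split(rest, maxsplit=6)
    if len(parts) != 7:
        return None  # "CEF:" prefix present but header is malformed
    vendor, product, dev_ver, sig_id, name, severity, ext = parts
    extensions = {k: v for k, v in _EXT_KV.findall(ext.strip())}
    return CefEvent(
        int(m.group(1)), _unescape(vendor), _unescape(product), _unescape(dev_ver),
        _unescape(sig_id), _unescape(name), _unescape(severity), extensions,
    )


def triage(lines):
    """Split captured syslog lines into (CEF events, non-CEF raw lines)."""
    cef, plain = [], []
    for line in lines:
        ev = parse_cef(line)
        if ev is None:
            plain.append(line)
        else:
            cef.append(ev)
    return cef, plain


# Constructed sample lines (not real firewall output): one device sending CEF,
# one sending a plain syslog message that would never reach CommonSecurityLog.
SAMPLE_LINES = [
    "<134>Oct 29 10:15:01 fw01 CEF:0|ExampleVendor|ExampleFW|7.0|106023|Deny tcp|5|"
    "src=10.0.0.5 spt=51234 dst=198.51.100.7 dpt=443 act=deny",
    "<134>Oct 29 10:15:02 fw01 %FW-4-106023: Deny tcp src inside:10.0.0.5/51234 "
    "dst outside:198.51.100.7/443",
]

if __name__ == "__main__":
    events, non_cef = triage(SAMPLE_LINES)
    print(f"{len(events)} CEF message(s), {len(non_cef)} non-CEF line(s)")
    for ev in events:
        print(f"  CEF v{ev.version} {ev.vendor}/{ev.product} sig={ev.signature_id} "
              f"sev={ev.severity} ext={ev.extensions}")
    for line in non_cef:
        print(f"  non-CEF: {line}")
```

If every line a device sends lands in the non-CEF bucket, the agent is behaving correctly and the fix is on the sending side (enable CEF on the device, or, as the reply suggests, route the feed to the Syslog table instead).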