Forum Discussion

ShawnMay's avatar
ShawnMay
Copper Contributor
Feb 23, 2020

MCAS - Log Collector - Configuration Not Sending to MCAS

I'm fairly new to MCAS.  Am attempting to get an onPrem log collector (docker) to transmit ASA logs to the log collector in MCAS. However, something is not working.   This docker instance is runnin...
App Connectors
Cloud App Security
Cloud Discovery
Danny Kadyshevitch's avatar
Danny Kadyshevitch
Former Employee
Mar 01, 2020
Hi Shawn,

Can you please PM me with your case Id, so that I can make sure it is being handled by our support experts?

Thanks,
Danny.
  • tgreed99's avatar
    tgreed99
    Copper Contributor
    May 22, 2020

    Danny Kadyshevitch Was this resolved? I am having the same problem. My log collector is receiving ftp log files from my Palo Alto NGFW but not sending them to MCAS.

    • ShawnMay's avatar
      ShawnMay
      Copper Contributor
      May 22, 2020

      tgreed99 

       

      Here is the configuration I used to get around this mess.  1025 corresponds to the internal docker port, and 601/tcp is the host's ports.

       

      docker run
      --name ACMEASALogCollector
      -p 1025:601/tcp  <----
      -p 21:21

      -p 20000-20099:20000-20099

      • tgreed99's avatar
        tgreed99
        Copper Contributor
        May 27, 2020

        ShawnMay  Thanks Shawn, I changed from FTP to SYSLOG and this worked.

        I have another problem now. There is no data showing in the continuous report for this log collector. Is there something else I need to do? I am using a traffic syslog from a Palo Alto firewall. Tried the URL log also but same result.

         

        Thank you.

Resources