Forum Discussion
Problem Automatic Log Upload - Defender for Cloud Apps
Hello Community,
I have a strange problem with the activity in the Title.
I have create Data Sources from Fortinet
And a Log collector
With the correct documentation that is linked https://learn.microsoft.com/en-us/defender-cloud-apps/discovery-docker-ubuntu-azure?tabs=centos
So i have a Fortinet Firewall that send by SYSLOG log to the VM Ubuntu in Azure, i have deploy docker, Ubuntu receive log from firewall, i see traffic is correct.
But from Cloud Apps connector remains into "Connected" state.
Regards,
Guido
Hello Community, i solved this problem, and also make an Italian Guide for Community that explain how to solve this problem.
I solved with check rsyslog log into Ubuntu Machine, there is an error that not permit to create folder into destination of syslog, after i repair permission i modify rsyslog.conf and open correct port 514 and all works fine.
Regards,
Guido
3 Replies
I'm having the same problem. What was the solution?
Hello Lucas Fumeiro, yes i solved in two way:
- Modify rsyslog.conf to accept connection from SYSLOG port 514 and open this port on ubuntu machine
- I seed in the rsyslog log that when rsyslog receive log, the serivce can't create a folder (access denied) after that i give correct permission all works fine
Many Thanks,
Regards,
Guido
Hello Community, i solved this problem, and also make an Italian Guide for Community that explain how to solve this problem.
I solved with check rsyslog log into Ubuntu Machine, there is an error that not permit to create folder into destination of syslog, after i repair permission i modify rsyslog.conf and open correct port 514 and all works fine.
Regards,
Guido
