Forum Discussion
Solved
MACS Log Collector on RHEL not receiving logs
Hi I'm in the process of deploying a new log collector on RHEL 7, I've configured it in the MCAS portal and deployed the docker container, I can see it as connected in the console with no data receiv...
- Having logged a support ticket and had it bounce around for all the same things listed in that link we've eventually discovered a corrupt file in the container. Despite redeploying the container multiple times it appears there was an issue with /etc/rsyslog.d/50-default.conf it was inaccessible to things like vi and cat and appeared to prevent the rsyslog process from working correctly. Running touch on the file appears to have corrected the issue and we are now seeing the messages file being populated as expected.
Try this first:
https://docs.microsoft.com/en-us/defender-cloud-apps/troubleshooting-cloud-discovery
And contact support if that does not help resolve the issue.
https://docs.microsoft.com/en-us/defender-cloud-apps/troubleshooting-cloud-discovery
And contact support if that does not help resolve the issue.
Having logged a support ticket and had it bounce around for all the same things listed in that link we've eventually discovered a corrupt file in the container. Despite redeploying the container multiple times it appears there was an issue with /etc/rsyslog.d/50-default.conf it was inaccessible to things like vi and cat and appeared to prevent the rsyslog process from working correctly. Running touch on the file appears to have corrected the issue and we are now seeing the messages file being populated as expected.