Forum Discussion

shamed's avatar
shamed
Copper Contributor
Apr 29, 2023
Solved

AMA agent in linux not sending syslog events

We have installed a Linux machine with AMA agent. We have configured DCR at CEF connector page to ingest CEF logs.   While i notice CEF logs are being ingested to Sentinel (CommonSecurityEvent) tab...
data collection
Log Data
  • LucasTrainer's avatar
    LucasTrainer
    Apr 30, 2023
    It sounds like you might need a second DCR to collect the Syslog events. One DCR will collect CEF, and the second Syslog.
LucasTrainer's avatar
LucasTrainer
Copper Contributor
Apr 30, 2023
It sounds like you might need a second DCR to collect the Syslog events. One DCR will collect CEF, and the second Syslog.
shamed's avatar
shamed
Copper Contributor
May 05, 2023
This is right. I just looked at the DCR for CEF, it was sending the logs to CommonSecurityLog. Hence why the Syslog table was empty. Had to create another DCR

Resources