Forum Discussion
Azure Sentinel: Common Event Format (CEF) Connectors Update | PREVIEW
Azure Sentinel allows you to connect any on-premises appliance that supports Common Event Format over Syslog to Azure Sentinel. Sentinel team has been working on improving this capability and are excited to release an improved connector that simplifies the onboarding configuration steps and reduced common configuration issues.
This preview will expose new connectors and effect all the data connectors that are implemented using CEF:
- Zscaler – new
- Common Event Format (CEF)
- Check Point
- Cisco ASA
- F5
- Fortinet
- Palo Alto Networks
Interested in participating?
If you're committed to participating, please leverage this form to sign-up.
- arshad80Copper Contributor
Configured the connector but cef_troubleshoot.py.4 for Cisco ASA
this is what i get
Taking 2 snapshots in 5 seconds diff and compering the amount of CEF messages.
If found increasing CEF messages daemon is receiving CEF messages.
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0
CEF\ASA messages
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0
CEF\ASA messages
Error: no CEF messages received by the daemon.
Please validate that you do send CEF messages to agent.
Checking daemon incoming connection for tcp and udp - Will_NetworkCopper Contributor
I trying to send my syslog data to Azure Sentinel but, I'm seeing the following message in my Linux Syslog agent:
****
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
Located 0
CEF\ASA messages
Error: no CEF messages received by the daemon.
Please validate that you do send CEF messages to agent.****
I'm receiving syslog messages in the Linux (Ubuntu) agent from my Cisco firewall but, the CEF collector isn't forwarding them to Azure Sentinel. How do I fix this?
Thanks,
Will_Network