Forum Discussion
Azure Sentinel: Common Event Format (CEF) Connectors Update | PREVIEW
Configured the connector but cef_troubleshoot.py.4 for Cisco ASA
This is what I get:
Taking 2 snapshots in 5 seconds diff and compering the amount of CEF messages.
If found increasing CEF messages daemon is receiving CEF messages.
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0 CEF\ASA messages
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0 CEF\ASA messages
Error: no CEF messages received by the daemon.
Please validate that you do send CEF messages to agent.
Checking daemon incoming connection for tcp and udp