Forum Discussion

Brass Contributor

Feb 07, 2023

Solved

Duplicate logs of CEF with Syslog

Hello, Is there a way to remove duplication of CommonSecurity and Syslog when Log collector Server is configured to forward CEF and Syslog. for example F5 WAF firewall sending Syslog with CEF fo...

data collection

omryma
Jun 13, 2023
i got a solution that worked for me:
i've created a seperate machine used only for CEF logs - on that machine just make an IPTABLES that blocks port 25224.

sudo iptables -A INPUT -p udp --dport 25224 -j DROP
sudo iptables -A OUTPUT -p udp --dport 25224 -j DROP

Steel Contributor

Feb 07, 2023

Hello Qusai_Ismail,

You can try Data collection transformations - Azure Monitor | Microsoft Learn.

Brass Contributor

Feb 07, 2023

Thanks, but this need to use Azure Monitor agent, not Log Analytic agent, yes?
Bcz we are using Log analytic agent (OMS agent)