Forum Discussion
bharatpatel45
Jan 12, 2024
Copper Contributor
Facing issue with CEF collector via AMA
I have an Oracle Linux 7.9 VM. I have onboarded this VM using Azure Arc and created a DCR rule to install the AMA agent. I'm facing an issue with the CEF connector via the AMA agent: the logs are not coming i...
bharatpatel45
Jan 15, 2024
Copper Contributor
Guys, I'm just asking to resolve this error. The mock test results are reflecting in Sentinel, but the real logs are not coming.
1. verify Syslog daemon forwarding configuration -- > Failure
rsyslog configuration was found invalid in this file /etc/rsyslog.d/10-azuremonitoragent-omfwd.conf .
The forwarding of the syslog daemon to the agent might not work. Please install the agent in order
to get the updated Syslog daemon forwarding configuration file, and try again.
2. Could not locate CEF message in tcpdump. Please verify CEF events can be sent to the machine and there is not firewall blocking incoming traffic.
3. Listen to the incoming events failure.
HELP OUT TO RESOLVE THIS ISSUE.
logger2115
Mar 11, 2024
Brass Contributor
I'm kinda in the same boat with CEF logging to Sentinel Workspace. Did you resolve this?
- walfindobayusetya
May 13, 2024
Copper Contributor
logger2115 Same here, did you already resolve this issue, friend?
- logger2115
May 14, 2024
Brass Contributor
walfindobayusetya Yes, the data source config file needed the syntax to use the same port as the AMA listener. This resolved the issue. The data source is from another cloud security toolset.
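The troubleshooter output quoted above flags an invalid rsyslog forwarding file, and the reply above attributes the fix to aligning the data source's port with the AMA listener's port. The script below is an added example (not code from the thread, from Microsoft, or from any collector product) that makes that comparison mechanical: it pulls the port out of the rsyslog omfwd configuration and out of a data-source config, reports whether they agree, and runs rsyslog's own syntax check when `rsyslogd` is present. The sample config files are constructed inline; the data-source file format is hypothetical, and 28330 is assumed as the AMA local listener port.

```shell
#!/bin/sh
# Added example, not code from the thread or from Microsoft: compare the port
# rsyslog forwards to (the AMA listener) with the port named in a data-source
# (collector) configuration, the mismatch described in the reply above.
# The sample files are constructed here; 28330 is assumed as the AMA local port.

# Print the first port value found in a config file, accepting the forms
#   port="28330"   port=28330   port: 28330   Port = 28330
# A leading non-word character guard keeps words like "report" from matching.
extract_port() {
    grep -oiE '(^|[^[:alnum:]_])port[[:space:]]*[=:][[:space:]]*"?[0-9]+' "$1" 2>/dev/null \
        | head -n 1 | tr -dc '0-9'
}

# Exit status 0 when both files name the same port, 1 otherwise (or if missing).
ports_match() {
    a=$(extract_port "$1")
    b=$(extract_port "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Syntax-check the live rsyslog configuration when rsyslogd is available; this is
# the kind of check behind the "rsyslog configuration was found invalid" line.
check_rsyslog_syntax() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1
    else
        echo "rsyslogd not installed here; run 'rsyslogd -N1' on the collector"
    fi
}

# Write constructed sample configs into a temp directory named in SAMPLE_DIR.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    # Constructed stand-in for /etc/rsyslog.d/10-azuremonitoragent-omfwd.conf
    cat > "$SAMPLE_DIR/10-azuremonitoragent-omfwd.conf" <<'EOF'
# forward everything to the local AMA listener (sample, assumed port)
*.* action(type="omfwd" target="127.0.0.1" port="28330" protocol="tcp")
EOF
    # Hypothetical data-source configs: one aligned with the listener, one not
    cat > "$SAMPLE_DIR/datasource-ok.conf" <<'EOF'
forwarder:
  host: 127.0.0.1
  port: 28330
EOF
    cat > "$SAMPLE_DIR/datasource-mismatch.conf" <<'EOF'
forwarder:
  host: 127.0.0.1
  port: 514
EOF
}

# Human-readable report; never exits non-zero, so it is safe to source.
report() {
    ama=$1; ds=$2
    if ports_match "$ama" "$ds"; then
        echo "OK: rsyslog forwards to port $(extract_port "$ama"); data source uses the same port"
    else
        echo "MISMATCH: rsyslog forwards to port '$(extract_port "$ama")' but data source uses '$(extract_port "$ds")'"
    fi
}

make_samples
report "$SAMPLE_DIR/10-azuremonitoragent-omfwd.conf" "$SAMPLE_DIR/datasource-ok.conf"
report "$SAMPLE_DIR/10-azuremonitoragent-omfwd.conf" "$SAMPLE_DIR/datasource-mismatch.conf"
check_rsyslog_syntax
```

On a real collector, point `report` at the actual `/etc/rsyslog.d/10-azuremonitoragent-omfwd.conf` and the data source's own config file, and pair it with `ss -lntp` to confirm a process is actually listening on the forwarded port; a clean `rsyslogd -N1` plus matching ports covers the first troubleshooter failure, while the "could not locate CEF message in tcpdump" failure still needs a check that the sending device can reach the collector's syslog port.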
- walfindobayusetya
May 15, 2024
Copper Contributor
I know this error is from here: "/etc/rsyslog.d/10-azuremonitoragent-omfwd.conf". Could you please help me to get the same port between the AMA listener and the data source?