Forum Discussion
Linux OMS Agent - "no patterns matched" Checkpoint FW Logs
Hi Community,
We will transfer Check Point logs via the OMS agent to Azure Sentinel, but we have some trouble and warnings.
The Checkpoint FW sends the logs via CEF to the syslog server.
Do you have any ideas what's going wrong or missing in the config?
Thank you!
<source>
  type tail
  pos_file /backup/syslog/checkpoint/checkpoint.log.pos
  path /backup/syslog/checkpoint/checkpoint.log
  format none
  tag checkpoint
</source>
root@XXXXX:~# /opt/microsoft/omsagent/bin/omsagent -c /etc/opt/microsoft/omsagent/$TENANT/conf/omsagent.conf
2021-10-22 08:57:10 +0200 [info]: reading config file path="/etc/opt/microsoft/omsagent/$TENANT/conf/omsagent.conf"
2021-10-22 08:57:10 +0200 [info]: starting fluentd-0.12.40
2021-10-22 08:57:10 +0200 [info]: gem 'fluent-plugin-mdsd' version ''
2021-10-22 08:57:10 +0200 [info]: gem 'fluentd' version '0.12.40'
2021-10-22 08:57:10 +0200 [info]: adding source type="tail"
2021-10-22 08:57:10 +0200 [info]: using configuration file: <ROOT>
  <source>
    type tail
    pos_file /backup/syslog/checkpoint/checkpoint.log.pos
    path /backup/syslog/checkpoint/checkpoint.log
    format none
    tag checkpoint
  </source>
</ROOT>
2021-10-22 08:57:10 +0200 [info]: following tail of /backup/syslog/checkpoint/checkpoint.log
2021-10-22 08:57:10 +0200 [warn]: no patterns matched tag="checkpoint"
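For reference, a minimal fluentd 0.12 configuration that wraps the posted tail source in a `<source>` block and adds a `<match>` for the `checkpoint` tag; this is an added example, not the poster's config or the OMS agent's shipped files. Fluentd emits `no patterns matched tag="checkpoint"` when an event carries a tag that no `<match>` directive consumes, so a config containing only the source produces that warning for every line read and discards the record. The `stdout` output plugin is used here only to confirm events are flowing; the output that forwards to Sentinel is the agent's own plugin, which the post does not show.

```fluentd
# Added example: tail the Check Point CEF file and consume the resulting events.
# Paths and tag are taken from the post; the match block is the added part.
<source>
  type tail
  pos_file /backup/syslog/checkpoint/checkpoint.log.pos
  path /backup/syslog/checkpoint/checkpoint.log
  format none
  tag checkpoint
</source>

# Without a match for "checkpoint", fluentd logs
#   [warn]: no patterns matched tag="checkpoint"
# and drops the record. "checkpoint.**" matches the bare tag "checkpoint" as well
# as any sub-tags a later filter might add (for example checkpoint.cef).
<match checkpoint.**>
  type stdout
</match>
```

Once lines appear on stdout, swap the `stdout` output for the agent's Sentinel output plugin; the warning disappears as soon as any `<match>` covers the tag.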