Forum Discussion

csmits's avatar
csmits
Copper Contributor
Jul 15, 2020

OMSAgent - CEF logs are sent but not appearing in Sentinel

Hi,   We are trying to forward CEF logs to Sentinel using an oms-agent instance. We have successfully onboarded the logs at first, but after about an hour, logs stopped appearing.   We have turne...
csmits's avatar
csmits
Copper Contributor
Jul 20, 2020

Rod_TrentThanks for the insight. It is a Check Point device, and the "Check Point" connector has turned green and is thus active. I suspect the parsing is okay, because ingestion does happen.

However, it looks like the ingestion is hitting some rate limits. Logs start reappearing every day between 12:00 and 13:00, after which they stop showing for 24 hours. This is a repetitive cycle. I will check back to see what kind of response is sent when data is ingested (the omsagent logs still show: "successfully sent logs").

Ofer_Shezaf's avatar
Ofer_Shezaf
Icon for Microsoft rankMicrosoft
Jul 28, 2020

csmits : I think such an issue is hard to resolve in the community and is very important for us to resolve. Can you open a support ticket?