Forum Discussion
jimbo31180
Aug 16, 2024 · Copper Contributor
Sentinel Data collection rule initial setup
I am trying to set up a data collection rule (Common Event Format (CEF) via AMA) for getting our firewall logs into Sentinel via a syslog server, but I am not sure what facility(ies) to use, is there ...
MHenshaw
Aug 20, 2024 · Copper Contributor
jimbo31180 Hey! Once you have the firewall logs hitting your collector, you can do a TCP dump over port 514, or whatever port you're receiving them on, to see the facility they're coming over 🙂 Also, depending on your firewall, you can set the facility in the syslog forwarding setup on your firewall.
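Added example, not part of the original posts: reading the facility out of captured traffic means decoding the `<PRI>` number at the start of each syslog message, where PRI = facility × 8 + severity. The sketch below decodes and tallies it over payload lines saved as text (for instance the ASCII output of `tcpdump -A`). The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Facility codes 0-23 and severity codes 0-7, numbered as in RFC 5424.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) for the first valid <PRI> in a line, else None."""
    for match in PRI_RE.finditer(line):
        pri = int(match.group(1))
        if pri <= 191:  # 23 * 8 + 7 is the largest valid PRI value
            return FACILITIES[pri >> 3], SEVERITIES[pri & 7]
    return None

def summarize(lines):
    """Count (facility, severity) pairs across captured payload lines."""
    return Counter(p for p in map(decode_pri, lines) if p is not None)

# Constructed sample payloads (hypothetical vendor, documentation IP ranges).
SAMPLE = [
    "<134>Aug 20 10:15:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Allow|3|src=192.0.2.10",
    "<134>Aug 20 10:15:03 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Allow|3|src=192.0.2.11",
    # Leading header bytes rendered as ASCII before the payload
    "E..x..@.@.....<164>Aug 20 10:15:04 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|200|Deny|7|src=192.0.2.12",
    # Octet-counted framing over TCP: a length prefix precedes the PRI
    "58 <38>1 2024-08-20T10:15:05Z fw01 sshd - - - session opened",
    # Capture header line with no syslog payload
    "10:15:06.000000 IP 192.0.2.1.51000 > 192.0.2.2.514: UDP, length 120",
    # Out-of-range PRI is rejected
    "<999>not a valid priority",
]

if __name__ == "__main__":
    for (facility, severity), count in summarize(SAMPLE).most_common():
        print(f"{facility}.{severity}: {count}")
```

The facilities that appear in the tally are the ones the data collection rule needs to include for that source.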