Any way to view log data being collected?

Hi,

Got my first Data Source and Log Collector up and running yesterday, and have collected 221 logs, but no data is being displayed on my dashboard. Is there a way to view this data and re-import, or is this something I have to capture the syslog data and upload?

I selected a SonicWall for generic syslog data, but am actually using a WatchGuard, so I imagine things are not lining up properly.

Thanks

9 Replies

@Dima Donhin is this something you can speak to?

Hi,

I believe @J_Bailey has already resolved this issue.

@J_Bailey - can you post here what you did in order to view the collected data?

Thanks,

Danny.

I haven't done it yet, but it was suggested that I use the custom upload and make a snapshot report, I believe, to try and filter the data. I need to do a few things first: since there is no native syslog export from WatchGuard, I want to make sure the data I'm uploading is going to be in the same format. I'm writing a generic syslog collector and am hoping to have some results by end of week. Thanks for following up.

@J_Bailey 

Hi mate, 

I am running WatchGuard XTM firewalls. I was wondering if you made any progress, and also noticed there is now native support for WatchGuard XTM devices.

@Oztourist

WatchGuard XTM log format is now supported out of the box.

Best,

Boris K

@Boris_Kacevich Saw this too, although I'm having difficulty getting it to work.

I've gone down the route of setting up Ubuntu in Azure with a Docker log collector but Cloud App Security doesn't seem to pick anything up.

Firebox seems to be configured to send logs to it correctly.

Google doesn't come back with much :( 

@stierer54 I have done the same as you and am not seeing any data in the CAS portal. I raised it with my WatchGuard contact and he has advised me they have a known issue with Microsoft to correct this issue. I am waiting for more details back about the issue and the expected ETA on a fix.

Hi everyone,

There was indeed an issue with the log format and a fix was deployed - the ETA for its availability in all tenants is during the week of the 18th of January.

If you keep encountering this issue, I suggest opening a support case for Cloud App Security.

Boris

@Boris_Kacevich

Do you have a case number or status update on this issue? We also tried setting up the Log Collector from a WatchGuard device and though it uploaded logs, nothing ever showed.