cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Sentinel: Common Event Format (CEF) Connectors Update | PREVIEW

Valon_Kolica
Microsoft

‎Aug 12 2019 12:42 PM - last edited on ‎Jan 04 2022 12:25 PM by

‎Aug 12 2019 12:42 PM - last edited on ‎Jan 04 2022 12:25 PM by

Azure Sentinel: Common Event Format (CEF) Connectors Update | PREVIEW

Azure Sentinel allows you to connect any on-premises appliance that supports Common Event Format over Syslog to Azure Sentinel. Sentinel team has been working on improving this capability and are excited to release an improved connector that simplifies the onboarding configuration steps and reduced common configuration issues. 

 

This preview will expose new connectors and effect all the data connectors that are implemented using CEF:

  • Zscaler – new
  • Common Event Format (CEF)
  • Check Point
  • Cisco ASA
  • F5
  • Fortinet
  • Palo Alto Networks

Interested in participating?

If you're committed to participating, please leverage this form to sign-up.

 

2,894 Views
1 Like
2 Replies
Reply
2 Replies
arshad80

‎Apr 16 2020 08:05 PM

‎Apr 16 2020 08:05 PM

Re: Azure Sentinel: Common Event Format (CEF) Connectors Update | PREVIEW

@Valon_Kolica 

Configured the connector but cef_troubleshoot.py.4 for Cisco ASA 

this is what i get

Taking 2 snapshots in 5 seconds diff and compering the amount of CEF messages.
If found increasing CEF messages daemon is receiving CEF messages.
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0
CEF\ASA messages
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0
CEF\ASA messages
Error: no CEF messages received by the daemon.
Please validate that you do send CEF messages to agent.
Checking daemon incoming connection for tcp and udp

0 Likes
Reply
Will_Network

‎Oct 29 2020 08:56 AM

‎Oct 29 2020 08:56 AM

Re: Azure Sentinel: Common Event Format (CEF) Connectors Update | PREVIEW

@Valon_Kolica 

I trying to send my syslog data to Azure Sentinel but, I'm seeing the following message in my Linux Syslog agent:

****

Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
Located 0
CEF\ASA messages
Error: no CEF messages received by the daemon.
Please validate that you do send CEF messages to agent.

****

I'm receiving syslog messages in the Linux (Ubuntu) agent from my Cisco firewall but, the CEF collector isn't forwarding them to Azure Sentinel. How do I fix this?

 

Thanks,

Will_Network

 

 

 

0 Likes
Reply