Nov 13 2019 - last edited on Dec 23 2021
Trying to connect Azure Sentinel for Fortinet on a Linux proxy machine:
When adding the Sentinel connector for Fortinet - to act as a proxy for forwarding Fortinet logs - received the following error when installing the syslog agent:
IOError: [Errno 2] No such file or directory: '/etc/opt/microsoft/omsagent/xxxx/conf/omsagent.d/security_events.conf'
The version of Python is 3.6.8 and it's a Linux Oracle 7.7.
The issue seems to be with the repository on GitHub, as the error message says that the file or directory is not found?
Nov 13 2019 10:27 AM
This thread has been helpful in the past for some ideas to try https://techcommunity.microsoft.com/t5/Azure-Sentinel/Failed-to-configure-use-CEF-syslog-facility/m-...
Nov 13 2019 01:18 PM
The OMSAgent is not installed properly on the Operating System. Run the following command to install and test the installation.
Install/upgrade/repair the agent
sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py && python cef_installer.py <Workspace_id> <Workspace_Key>
sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py... sudo python cef_troubleshoot.py <workspace_id>