Aug 25 2022 06:45 AM
Hi there,
So the disk got full on my log forwarder server and log forwarding stopped... I expanded the disk and now it has enough space:
However, I cannot see any new events in CommonSecurityLog table since then. I went ahead and reinstalled the OMS agent, but it still doesn't work. There are no heartbeat events either so I guess the problem will be with the OMS agent. The funny thing is that Syslog messages are arriving to Sentinel... When I run the troubleshooter everything is fine except:
Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
Located 0 CEF\ASA messages
But if I run tac /var/log/messages |grep CEF I can see the CEF messages.
I ran netstat/tcpdump and messages are hitting port 25226.
Any help would be appreciated.
Thanks