Connecting Cisco ASA via CEF AMA Connector

Brass Contributor

I am trying to set up a collector machine to collect CEF logs and logs for Cisco ASA in Sentinel using the AMA. CEF logs seem to look just fine, but the ASA log collection does not work completely. Also, when running the verification script "sudo wget -O python --asa" I get the following error: verify_DCR_content_has_stream------------------> Failure.

Based on the verification script it expects "SECURITY_CISCO_ASA_BLOB" in the stream name. Unfortunately, I have no idea how to add this and could not find any documentation.

Many thanks for any help in advance.

2 Replies
One additional note I see ASA logs in Syslog, but not in CommonSecuirty Logs
best response confirmed by dnsrk (Brass Contributor)
For anybody interested... here is the solution
1 best response

Accepted Solutions
best response confirmed by dnsrk (Brass Contributor)