Microsoft Tech Community

Issues with Azure Sentinel on-premise syslog collector

Dear Sentinel experts,
I am trying to collect data from my on-prem log sources (PA FW and Cisco devices) using a syslog collector. The syslog collector has the OMS agent running on it and can send its own events to Sentinel without any issues.
I can also see packets reaching the syslog collector on port 514, and ports 25224/25226 are also in listen mode. All syslog facilities/logging levels are also enabled in Log Analytics.
Even after this, the OMS agent is not able to understand the incoming traffic and forward it to Sentinel.
Any idea how to resolve this issue?
1 Reply

@ashishhingmire It seems like Syslog is working correctly, so at this point I would check to make sure your 3rd-party systems are sending the data to your Syslog server correctly.
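
One way to run the check suggested in the reply, as an added example that is not part of the thread or of Microsoft's tooling: decode the `<PRI>` header of payloads captured on port 514 into facility and severity (to compare against what is enabled in Log Analytics) and verify the shape of any CEF header. The function name `check_message` and the sample payloads are constructed for illustration.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")   # syslog priority header, e.g. <134>
CEF_RE = re.compile(r"CEF:(\d+)\|")    # start of a CEF header

def check_message(raw: bytes) -> dict:
    """Decode one captured syslog payload and list format problems found in it."""
    result = {"facility": None, "severity": None, "cef": False, "problems": []}
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        result["problems"].append("payload is not valid UTF-8")
        text = raw.decode("latin-1")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        # Without a valid PRI the message carries no facility/severity of its own.
        result["problems"].append("missing or invalid <PRI> header")
    else:
        pri = int(m.group(1))               # PRI = facility * 8 + severity
        result["facility"] = FACILITIES[pri // 8]
        result["severity"] = SEVERITIES[pri % 8]
    cef = CEF_RE.search(text)
    if cef:
        result["cef"] = True
        # CEF header: Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
        fields = re.split(r"(?<!\\)\|", text[cef.start():], maxsplit=7)
        if len(fields) < 8:
            result["problems"].append(f"CEF header has {len(fields) - 1} of 7 '|' separators")
    return result

# Constructed sample payloads (not taken from the thread).
SAMPLES = [
    b"<134>Apr  3 07:00:01 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|traffic allowed|3|src=192.0.2.10 dst=198.51.100.5",
    b"<189>Apr  3 07:00:02 rtr01 %SYS-5-CONFIG_I: Configured from console",
    b"Apr  3 07:00:03 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|truncated",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_message(sample))
```

A facility or severity that shows up here but is not enabled for collection, or a payload reported with problems, points at the sending device's syslog configuration rather than at the collector.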