Forum Discussion
Anurag65 (Copper Contributor)
Jan 23, 2020
Not able to integrate on-premises Cisco ASA
We are trying to integrate an on-premises Cisco ASA with Sentinel via a syslog server. We have checked that we are receiving the syslog server's authentication logs in Sentinel, but not the ASA logs. By running the tcpdump command, we have checked that the Cisco ASA is forwarding the logs to the syslog server, but we are not receiving them in Sentinel.
Please find the attached SS as well
While running the troubleshooting command, we receive the error below:
could not locate cef message in tcp dump
Also a warning message: logs you send is comply with RFC 5424
2 Replies
- AppropriateTangerine (Copper Contributor)
Hi, I'm having the same issue. Did you resolve this?
- CliveWatson (Former Employee)
Are you using the Sentinel - Data Connector for Cisco ASA? Also, have you checked the port? https://docs.microsoft.com/en-gb/azure/sentinel/connect-cisco#step-2-forward-cisco-asa-logs-to-the-syslog-agent