Aug 16 2024 11:27 AM
I am trying to set up a data collection rule (Common Event Format (CEF) via AMA) for getting our firewall logs into Sentinel via a syslog server, but I am not sure what facility(ies) to use. Is there an article about the setup of this (these) rules? I tried doing searches but have found nothing relevant.
Aug 20 2024 04:37 AM
@jimbo31180 Hey! Once you have the firewall logs hitting your collector, you can do a TCP dump over port 514 or whatever port you're receiving them on to see the facility they're coming over 🙂 Also, depending on your firewall, you can set the facility in the syslog forwarding setup on your firewall.
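The reply above suggests reading the facility off the wire. As an added example (not from this thread or from Microsoft's docs), the script below decodes the `<PRI>` header of captured syslog lines (facility = PRI // 8, severity = PRI % 8 per RFC 5424) and tallies which facilities carry CEF payloads, so the DCR can be scoped to exactly those. The sample lines, hostname and vendor strings are constructed.

```python
import re
from collections import Counter

# Syslog facility codes 0-23 (RFC 5424 section 6.2.1); PRI = facility * 8 + severity
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) names from a leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest legal PRI value
        return None
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def is_cef(line):
    """CEF-over-syslog lines carry a 'CEF:<version>|' header after the syslog prefix."""
    return "CEF:" in line


def summarize_cef_facilities(lines):
    """Count facilities seen on CEF lines only; non-CEF noise (e.g. sshd) is ignored."""
    counts = Counter()
    for line in lines:
        if not is_cef(line):
            continue
        decoded = decode_pri(line)
        if decoded:
            counts[decoded[0]] += 1
    return dict(counts)


# Constructed sample, shaped like text a collector would show for UDP/TCP 514 traffic
SAMPLE = [
    "<134>Aug 16 11:27:01 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Traffic allowed|3|src=10.0.0.5 dst=10.0.1.9 dpt=443",
    "<132>Aug 16 11:27:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|200|Threat blocked|8|src=10.0.0.7 dst=10.0.1.9",
    "<30>Aug 16 11:27:03 fw01 sshd[1]: Accepted publickey for admin",
    "<182>Aug 16 11:27:04 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|300|Config change|5|suser=admin",
]

if __name__ == "__main__":
    print(summarize_cef_facilities(SAMPLE))  # {'local0': 2, 'local6': 1}
```

Feed it the text of a real capture and the facilities it reports are the ones to select in the CEF via AMA rule; anything else arriving on the port is only adding ingestion volume.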