Azure Sentinel - Connector for Fortinet

Copper Contributor

Trying to connect Azure Sentinel for Fortinet on a Linux proxy machine:

When adding the Sentinel connector for Fortinet - to act as a proxy for forwarding Fortinet logs - I received the following error when installing the syslog agent:

IOError: [Errno 2] No such file or directory: '/etc/opt/microsoft/omsagent/xxxx/conf/omsagent.d/security_events.conf'

The version of Python is 3.6.8 and it's a Linux Oracle 7.7.

The issue seems to be with the repository on GitHub, as the error message says that the file or directory is not found?

2 Replies

@SpringWater 

 

The OMSAgent is not installed properly on the operating system. Run the following commands to install and test the installation.

Install/upgrade/repair the agent

sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py && python cef_installer.py <Workspace_id> <Workspace_Key>

Check/Test/Install

sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py... sudo python cef_troubleshoot.py <workspace_id>
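To narrow down the IOError from the question before re-running the installer, this added example (not part of the thread or of the Azure-Sentinel scripts) reports which part of the expected path is actually absent. The function names and status labels are hypothetical, and the mapping from a missing component to a likely cause is an assumption.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of cef_installer.py or cef_troubleshoot.py.
# Usage: sh check_omsagent.sh <workspace_id>

# Print the shallowest component of a path that does not exist,
# or print nothing when the whole path exists.
first_missing() {
    p=$1
    missing=""
    while [ ! -e "$p" ]; do
        missing=$p
        p=$(dirname "$p")
    done
    printf '%s' "$missing"
}

# Classify the state of the agent configuration tree.
# $1 = agent config root (on a real host: /etc/opt/microsoft/omsagent)
# $2 = workspace id
# Status labels are hypothetical names chosen for this example.
diagnose_omsagent() {
    root=$1
    ws=$2
    conf="$root/$ws/conf/omsagent.d/security_events.conf"
    gap=$(first_missing "$conf")
    case "$gap" in
        "")            echo "ok" ;;                   # file is present
        "$root/$ws")   echo "workspace-missing" ;;    # agent tree exists, no workspace dir
        "$root/$ws/"*) echo "conf-incomplete" ;;      # workspace dir exists, conf path or file absent
        *)             echo "agent-not-installed" ;;  # root (or a parent of it) is absent
    esac
}

# Run against the path from the error message when a workspace id is given.
if [ "$#" -eq 1 ]; then
    diagnose_omsagent /etc/opt/microsoft/omsagent "$1"
fi
```

A result of agent-not-installed or workspace-missing matches the reply's diagnosis that the agent itself is not set up; conf-incomplete means the agent tree exists and only the connector configuration is absent.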