CEF connector lighting up instead of CheckPoint

New Contributor
Quick question - I have a production deployment (in the early stages) of Sentinel for a client -  think this is a basic step I'm missing. They have a CheckPoint firewall, I've set up log forwarding to Syslog from it to a Ubuntu 20.04.1 server, where in turn I ran the scripts supplied in the CheckPoint connector instructions. However, it's not showing up in Sentinel as connected  BUT the CEF connector is showing up as connected and receiving data. What did I miss?
2 Replies

@Paul Schnackenburg Not sure if this would cause the issue (not sure how it is determined if a data connector is connected) or not but Unbutu 20 is not a support version.

 

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

@Gary Bushey Thank you - I'll blow away the Ubuntu 20 and go for an 18 instead and see if that works any better. Looking at the documentation, many sources, including CheckPoint seem to be a subset of the CEF connector.