Dec 09 2023 02:07 PM
Hey,
I am trying to set up a collector machine to collect CEF logs and logs for Cisco ASA in Sentinel using the AMA. CEF logs seem to look just fine, but the ASA log collection does not work completely. Also, when running the verification script "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_tro... python Sentinel_AMA_troubleshoot.py --asa" https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/sentinel/connect-cef-ama.md#set-up-th... I get the following error: verify_DCR_content_has_stream------------------> Failure.
Based on the verification script, it expects "SECURITY_CISCO_ASA_BLOB" in the stream name. Unfortunately, I have no idea how to add this and could not find any documentation.
Many thanks for any help in advance.
Dec 10 2023 03:59 AM
Dec 10 2023 11:23 AM