User Profile
dnsrk
Brass Contributor
Joined 2 years ago
Recent Discussions
Connecting Cisco ASA via CEF AMA Connector
Hey, I am trying to set up a collector machine to collect CEF logs and logs for Cisco ASA in Sentinel using the AMA. CEF logs seem to look just fine, but the ASA log collection does not work completely. Also, when running the verification script
"sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py && sudo python Sentinel_AMA_troubleshoot.py --asa"
(https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/sentinel/connect-cef-ama.md#set-up-the-connector) I get the following error:
verify_DCR_content_has_stream------------------> Failure.
Based on the verification script, it expects "SECURITY_CISCO_ASA_BLOB" in the stream name. Unfortunately, I have no idea how to add this and could not find any documentation. Many thanks for any help in advance.
Solved | 1.3K Views | 0 likes | 2 Comments