Jan 12 2024 02:04 AM
I have an Oracle Linux 7.9 VM. I have onboarded this VM using Azure Arc and created a DCR rule to install the AMA agent. I'm facing an issue with the CEF connectors via the AMA agent: the logs are not coming into the common security logs table.
When I run the troubleshoot command on the device, I'm facing these errors.
1. verify Syslog daemon forwarding configuration --> Failure
rsyslog configuration was found invalid in this file /etc/rsyslog.d/10-azuremonitoragent-omfwd.conf.
The forwarding of the syslog daemon to the agent might not work. Please install the agent in order
to get the updated Syslog daemon forwarding configuration file, and try again.
2. Could not locate CEF message in tcpdump. Please verify CEF events can be sent to the machine and there is not firewall blocking incoming traffic.
3. Listen to the incoming events failure.
HELP OUT TO RESOLVE THIS ISSUE.
May 13 2024 08:31 PM
@logger2115 Same here, did you already resolve this issue, friend?
May 14 2024 05:31 AM
@walfindobayusetya Yes, the data source config file needed syntax to use the same port as the AMA listener. This resolved the issue. The data source is of another cloud security toolset.