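# Prepare a Linux host as the syslog/CEF forwarder for Microsoft Sentinel (AMA).

# Refresh the package index once; `apt update` and `apt-get update` refresh
# the same index, so a single call is enough.
sudo apt-get update

# rsyslog receives the device logs, net-tools provides netstat/ifconfig,
# policycoreutils provides the SELinux utilities.
# NOTE(review): presumably the installer script relies on these; confirm.
sudo apt-get install rsyslog net-tools policycoreutils

# Fetch the installer as the current user; only the run itself needs root.
# The URL tracks the mutable `master` branch, so the content can change between
# runs. Read the script and compare the printed SHA-256 with the hash of a copy
# you have already reviewed before using this on a production host.
wget -O Forwarder_AMA_installer.py \
  "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py" \
  && sha256sum Forwarder_AMA_installer.py \
  && sudo python3 Forwarder_AMA_installer.py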
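Fortinet (run on the FortiGate CLI, not on the Linux forwarder). `server` is the forwarder's address and `source-ip` is the FortiGate address the logs are sent from. No `set mode` line is given, so the FortiGate's default transport applies (plain UDP on most FortiOS releases; confirm). It is neither encrypted nor authenticated, so restrict port 514 on the forwarder to this source IP, or use reliable mode with encryption where the FortiOS version supports it.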
config log syslogd setting
set status enable
set format cef
set port 514
set server 10.50.10.17
set source-ip 10.20.10.1
end
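# Validate the forwarder after the FortiGate has been configured.
# Download as the current user; only the run itself needs root. The URL tracks
# the mutable `master` branch, so review the script (and compare its SHA-256
# with a reviewed copy) before running it as root.
# NOTE(review): this script sits under DataConnectors/CEF and may target the
# legacy CEF connector rather than AMA; confirm against the linked docs.
wget -O cef_troubleshoot.py \
  "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py" \
  && sha256sum cef_troubleshoot.py \
  && sudo python3 cef_troubleshoot.py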
Reference (Microsoft Learn, CEF and Syslog via AMA): https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama?tabs=portal