articles/sentinel/connect-cef-verify.md
Lines changed: 15 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Validate connectivity to Azure Sentinel| Microsoft Docs
2
+
title: Validate connectivity to Azure Sentinel| Microsoft Docs
3
3
description: Validate connectivity of your security solution to make sure CEF messages are being forwarded to Azure Sentinel.
4
4
services: sentinel
5
5
documentationcenter: na
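Review bot: The `-`/`+` pair for the `title:` line shows no visible difference (`title: Validate connectivity to Azure Sentinel| Microsoft Docs` on both), so this is presumably a whitespace or line-ending change; since the line is being rewritten anyway, also add the missing space before the pipe so the title reads `Validate connectivity to Azure Sentinel | Microsoft Docs`.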
@@ -13,25 +13,33 @@ ms.devlang: na
13
13
ms.topic: conceptual
14
14
ms.tgt_pltfrm: na
15
15
ms.workload: na
16
-
ms.date: 12/30/2019
16
+
ms.date: 04/19/2020
17
17
ms.author: yelevin
18
18
19
19
---
20
20
# STEP 3: Validate connectivity
21
21
22
+
Once you have deployed your log forwarder (in Step 1) and configured your security solution to send it CEF messages (in Step 2), follow these instructions to verify connectivity between your security solution and Azure Sentinel.
22
23
24
+
## Prerequisites
23
25
24
-
After you deployed the agent and configured your security solution to forward CEF messages, use this article to understand how to verify connectivity between Azure Sentinel and your security solution.
26
+
- You must have elevated permissions (sudo) on your machine.
27
+
28
+
- Make sure that you have Python on your machine using the following command: `python –version`
25
29
26
30
## How to validate connectivity
27
31
28
-
1. Open Log Analytics to make sure that logs are received using the CommonSecurityLog schema.<br> It may take upwards of 20 minutes until your logs start to appear in Log Analytics.
32
+
1. From the Azure Sentinel navigation menu, open **Logs**. Run a query using the **CommonSecurityLog** schema to see if you are receiving logs from your security solution.<br>
33
+
Be aware that it may take about 20 minutes until your logs start to appear in **Log Analytics**.
34
+
35
+
1. If you don't see any results from the query, verify that events are being generated from your security solution, or try generating some, and verify they are being forwarded to the Syslog forwarder machine you designated.
29
36
30
-
1. Before you run the script, we recommend that you send messages from your security solution to make sure they are being forwarded to the Syslog proxy machine you configured.
31
-
1. You must have elevated permissions (sudo) on your machine. Make sure that you have Python on your machine using the following command: `python –version`
32
-
1. Run the following script to check connectivity between the agent, Azure Sentinel, and your security solution. It checks that the daemon forwarding is properly configured, listens on the correct ports, and that nothing is blocking communication between the daemon and the Log Analytics agent. The script also sends mock messages 'TestCommonEventFormat' to check end-to-end connectivity. <br>
37
+
1. Run the following script to check connectivity between your security solution, the log forwarder, and Azure Sentinel. This script checks that the daemon is listening on the correct ports, that the forwarding is properly configured, and that nothing is blocking communication between the daemon and the Log Analytics agent. It also sends mock messages 'TestCommonEventFormat' to check end-to-end connectivity. <br>
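Review bot: The new prerequisite `python –version` (carried over from the removed step 3) uses an en dash rather than two ASCII hyphens, so the command as written will not be interpreted as the `--version` flag when pasted into a shell; change it to `python --version`. The terminology for the intermediate host is also inconsistent within the new text: the introduction says "log forwarder", step 2 says "Syslog forwarder machine", and the removed wording said "Syslog proxy machine"; pick one term and use it throughout. Lastly, the rewritten step 3 still ends with "Run the following script" and a `<br>`, but the script block itself lies outside this hunk, so confirm the fenced block still follows immediately after this line in the file.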