CEF AMA Connector stops logging after 30 minutes

[roboftheblues]

Hi,

Replacing the Legacy Agent connector with the CEF AMA connector but cannot seem to maintain the data stream from the log forwarder (Linux Azure VM). If we restart the daemons it kicks off log collection again but then seems to stop after approx 30 mins.

Grateful for any suggestions

KR

Rob

[v-sudkharat]

Hi @roboftheblues, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 20-03-2024. Thanks!

[v-muuppugund]

Hi @roboftheblues ,working on further trouble shooting of the issue,will update you

[v-muuppugund]

Hi @roboftheblues ,Apologies for delayed response and we are working on it,will update you

[roboftheblues]

16 hours ago we deleted the OMSAgent and once again loggin has stopped. The CEF AMA Connector is not collecting logs

[roboftheblues]

Please send any update messages to [email protected] as i am leaving the project

[askvpb]

We are also having similar issue like @roboftheblues, our CEF log take 2 hours to arrive the sentinel workspace. Keen to know the fix.

[v-sudkharat]

@askvpb, Could you please let us know, which connector you have configured (AMA or MMA)? Currently we are working on repro the configuration using AMA. Thanks!

[askvpb]

we are using AMA agents

[roboftheblues]

Microsoft.Azure.Monitor.AzureMonitorLinuxAgent Version 1.30.3 Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux Version 1.19.0

They are running side by side, but if you remove the OMS agent Sentinel no longer receives logs

[v-sudkharat]

Thanks @roboftheblues / @askvpb for sharing info.