Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,930 questions
Syslog through AMA (CEF) Connector
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 9%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBE%3C/text%3E%3C/svg%3E)
Bl()e
5
Reputation points
Hi,
Follwing up on my last question: https://learn.microsoft.com/en-us/answers/questions/1690671/syslog-through-ama-connector-not-showing-in-the-co
I have now installed Arc, and the machine is showing up on Azure Arc.
The AMA is installed and is correctly sending heartbeats to Sentinel.
I have onboarded a couple of network devices to forward syslog towards the Azure Arc enabled server.
Verified with tcpdump that the devices is sending syslog to UDP 514.
Verified with tcpdump that rsyslog is sending the syslog to AMA localhost TCP 28330
But logs does still not show up in LA/Sentinel.
After some investigation, I discovered some warning logs in /var/opt/microsoft/azuremonitoragent/logmdsd.warn:
2024-06-04T11:22:53.3910500Z: [/__w/1/s/external/WindowsAgent/src/shared/mcsmanager/lib/src/Configuration.cpp:410,ParseDataSources]Data source syslog is not implemented ErrorCode:-2146171897
2024-06-04T11:22:53.4435500Z: [/__w/1/s/external/WindowsAgent/src/shared/mcsmanager/lib/src/Configuration.cpp:410,ParseDataSources]Data source syslog is not implemented ErrorCode:-2146171897
2024-06-04T11:22:53.4435940Z: [/__w/1/s/external/WindowsAgent/src/shared/mcsmanager/lib/src/Configuration.cpp:410,ParseDataSources]Data source syslog is not implemented ErrorCode:-2146171897
2024-06-04T13:18:08.4699950Z: [/__w/1/s/external/WindowsAgent/src/shared/mcsmanager/lib/src/Configuration.cpp:410,ParseDataSources]Data source syslog is not implemented ErrorCode:-2146171897
And local error message in syslog is throwing:
azuremonitor-coreagent.service: Scheduled restart job, restart counter is at 3733.
Stopped Azure Monitor Agent CoreAgent daemon (on systemd).
Started Azure Monitor Agent CoreAgent daemon (on systemd).
amacoreagent[109235]: The required instruction sets are not supported by the current CPU.
this message throws at every restart counter.
I have tried to lookup this error message, but haven't found anything useful.
I don't either find specific technical requirements
The AMA is running on:
Operating System: Ubuntu 20.04.6 LTS
Kernel: Linux 5.4.0-182-generic
Architecture: x86-64
Viritualized, 4 cores and 8 G RAM.
Any advice?
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 70%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
Graham Bloice 0 Reputation points2024-06-14T09:56:32.5666667+00:00 I have a similar situation with the AMA coreagent continuously dumping and reporting
The required instruction sets are not supported by the current CPU:OS: Ubuntu 22.04.4 LTS
Kernel: 5.15.0-112-generic
Architecture: x86-64
Virtualized, 2 cores, 1 GB RAM
I've also checked the Arc extensions on the host are up to date:
MDE.Linux: 1.0.3.17
LinuxOsUpdateExtension: 1.0.43.0
LinuxPatchExtension: 1.6.54
AzureMonitorLinuxAgent: 1.31.1
-
Graham Bloice 0 Reputation points
2024-06-14T10:14:19.01+00:00 I have the same issue on a slightly newer OS. Every few seconds the Azure Monitor Agent CoreAgent daemon restarts:
Jun 14 11:07:35 hostname audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=azuremonitor-coreagent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jun 14 11:07:35 hostname systemd[1]: Started Azure Monitor Agent CoreAgent daemon (on systemd). Jun 14 11:07:35 hostname audit[897956]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=897956 comm="amacoreagent" exe="/opt/microsoft/azuremonitoragent/bin/amacoreagent" sig=6 res=1 Jun 14 11:07:35 hostname amacoreagent[897956]: The required instruction sets are not supported by the current CPU. Jun 14 11:07:36 hostname audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='unit=azuremonitor-coreagent comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Jun 14 11:07:36 hostname systemd[1]: azuremonitor-coreagent.service: Main process exited, code=dumped, status=6/ABRT Jun 14 11:07:36 hostname systemd[1]: azuremonitor-coreagent.service: Failed with result 'core-dump'. Jun 14 11:07:39 hostname systemd[1]: azuremonitor-coreagent.service: Scheduled restart job, restart counter is at 249.The system info:
OS: Ubuntu 22.04.4 LTS
Kernel: 5.15.0-112-generic
Architecture: x86-64
CPU: 2
RAM: 1GB
Sign in to comment