Trying to add Sentinel for Fortinet using a Linux proxy machine following the instructions provided on the Fortinet connector page in the Azure/Sentinel portal.
The omsagent is installed successfully, however when running the troubleshooter (cef_troubleshoot.py), we get an error message saying
Error: agent is not listening to incoming port 25226 please check that the process is up and running and the port is configured correctly.[Use netstat -an | grep [daemon port] to validate the connection or re-run ths script]
Running netstat -an | grep 25226 returns nothing.
There's not much information on this out there, and what little there is we have tried to no avail.
Here's a snippet of the last few output lines:
Current content of the daemon configuration is:
if $rawmsg contains "CEF:" or $rawmsg contains "ASA-" then @@127.0.0.1:25226
rsyslog daemon configuration was found valid.
Trying to restart syslog daemon
Restarting rsyslog daemon - 'sudo service rsyslog restart'
rsyslog daemon restarted.
This will take a few seconds.
sudo: /opt/microsoft/omsagent/bin/service_control: command not found
Omsagent restarted.
This will take a few seconds.
Incoming port grep: 0.0.0.0:514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:514 0.0.0.0:*
Daemon incoming port 514 is open
Incoming port grep: 25226
Error: agent is not listening to incoming port 25226 please check that the process is up and running and the port is configured correctly.[Use netstat -an | grep [daemon port] to validate the connection or re-run ths script]
Any ideas?
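The troubleshooter output above exercises two separate links in the CEF collection chain: rsyslog must carry a rule forwarding CEF lines to 127.0.0.1:25226, and a process (the OMS agent) must actually be listening on that TCP port. The following shell script, added here as an example and not part of the original post or of Microsoft's cef_troubleshoot.py, checks both links from plain text input so it can be run against a captured `netstat -an` dump. The sample netstat lines and the rsyslog rule embedded in it are constructed to mirror the situation in the post (514 listening, nothing on 25226); the function names are the example's own.

```shell
#!/bin/sh
# Added example: verifies the rsyslog -> collector hop that the troubleshooter
# complained about. Not the project's own tooling.

# Constructed sample of `netstat -an` output: rsyslog is up on 514 (TCP and UDP),
# but no socket is bound to 25226, matching the post.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN'

# Forwarding rule as printed by the troubleshooter in the post.
SAMPLE_RULE='if $rawmsg contains "CEF:" or $rawmsg contains "ASA-" then @@127.0.0.1:25226'

# port_listening <port> <netstat-output>
# Exit 0 if a TCP socket whose local address ends in :<port> is in LISTEN state.
port_listening() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "tcp" && $NF == "LISTEN" {
            n = split($4, a, ":")          # local address is field 4, port is last part
            if (a[n] == p) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# forward_target <rule>
# Print the host:port an rsyslog rule forwards to (@@ = TCP, @ = UDP).
forward_target() {
    printf '%s\n' "$1" | sed -n 's/.*then *@@\{0,1\}\([^ ]*\).*/\1/p'
}

# check_chain <rule> <netstat-output>
# Exit 0 when the forward destination has a listener, 1 when it does not,
# 2 when no forward rule could be parsed.
check_chain() {
    target=$(forward_target "$1")
    [ -n "$target" ] || { echo "no forward rule found in rsyslog configuration"; return 2; }
    port=${target##*:}
    if port_listening "$port" "$2"; then
        echo "listener present on $target"
        return 0
    fi
    echo "rsyslog forwards to $target but nothing listens on TCP port $port"
    return 1
}

# Live use on the collector host (uncomment; the config path is the usual
# rsyslog drop-in directory, adjust if the connector wrote elsewhere):
# check_chain "$(grep -h '@@' /etc/rsyslog.d/*.conf)" "$(netstat -an)"

# Run against the constructed sample: reproduces the post's failure.
if ! check_chain "$SAMPLE_RULE" "$SAMPLE_NETSTAT"; then
    echo "the forwarding rule is fine; the gap is the missing listener on the agent side"
fi
```

With a real `netstat -an` capture, a non-zero exit from `check_chain` separates "rsyslog is not forwarding" (status 2) from "rsyslog forwards but the agent process is not bound to the port" (status 1), which is the case the post describes and is where the failed `service_control` restart in the output points.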