on-premises log has not been appeared in Cloud Discovery log(MCAS)

Question

In my environment, sending on-premise devices logs to Cloud Discovery with AMA agent built on Linux Server.

After 09/16 18:05(JST), the on-prem logs haven't been appeared on "Governance log" section.(Also, there was detection from Defender, "System alert: Cloud Discovery automatic log upload error")

Checked the log relay server, but there was no abnormal part as far as I checked.

-relay server receiving the log file continuously from on-prem servers.

-checked the connection logs with tcpdump, relay server seems to be connecting to IP Address of MCAS API URL, which is us2 region.

Does anyone know of a way to do a detailed survey? Are there any known problem with MS services?

Answer 1

Hi, Sounds like the log collection worked for you successfully and then at a later point stopped.

Assuming that's the case, and if the error condition was not transient (and already self resolved), could you verify if these network requirements are in place? https://learn.microsoft.com/en-us/defender-cloud-apps/network-requirements#log-collector.

Also, since you mou mentioned "IP Address of MCAS API URL" - this note at the bottom of that above URL is relevant: If your firewall requires a static IP address access list and does not support allowing based on URL, allow the log collector to initiate outbound traffic to the Microsoft Azure datacenter IP ranges on port 443.