Common Event Format (CEF) via AMA cksum error #10932

Closed
venbea opened this issue Aug 6, 2024 · 4 comments

venbea commented Aug 6, 2024

I installed the AMA agent with the CEF parser. When you do this, it appears I don't receive a log in the LogAnalytics.

When I run tcpdump -i any port 28330 -AAAA -vv:

14:58:38.935017 lo In IP (tos 0x0, ttl 64, id 27609, offset 0, flags [DF], proto TCP (6), length 52)
localhost.28330 > localhost.41383: Flags [.], cksum 0xfe28 (incorrect -> 0xcc69), seq 1, ack 112402, win 10139, options [nop,nop,TS val 2560417535 ecr 2560417535], length 0
....................E..4k.@[email protected]}e.....'..(.....

The CEF is a PaloAlto Syslog |PAN-OS|11.0.2

I don't receive any log in the LogAnalytics

@v-sudkharat
Contributor

Hi @venbea, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

@v-rusraut
Contributor

Hi @venbea,
The instructions provided are not clear, please provide more information about the issue with proper replication steps.
Thanks

@v-rusraut
Contributor

Hi @venbea, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 11-09-2024, we will be closing this issue.
Thanks!

@v-rusraut
Contributor

Hi @venbea, since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.
