Can't integrate Graylog with Palo alto

Hi everyone.

I’m new to Graylog. I downloaded the OVA file for my VMware ESXi and installed it successfully, but somehow when I created a new INPUT>SYSTEM named Palo Alto for syslog server, I didn’t get any logs or messages in the dashboard. No messages received on the Graylog server. Log forwarding profile and rules are already configured on the Palo Alto.

System > Input > Palo Alto 9.0

Global
Port 1415 (input fails to start on port 514)
Rest are default.

Please help me with this if I am missing any steps or configurations.

Thanks.
Gobind.

Hello and welcome

What version of Graylog are you using?
How did you configure your Graylog INPUT?
Did you check your log files for Elasticsearch, Graylog, and MongoDB? If so, did you see anything that would pertain to this issue?
To help troubleshoot your issue we may need some more details about your environment.
If you’re unsure what you need then this may enlighten you.

https://community.graylog.org/t/community-guidelines/6649#before-ask

Hope that helps

Hi Gsmith
Thanks for responding.

The running Graylog version is the latest one, 4.0.
I configured the Graylog input in the menu under the System tab and selected Palo Alto 9.0 as the input.

Elasticsearch and MongoDB are installed properly and are up to date. I am not sure how to check the log files for these. All I saw was that there were no messages to the input and the network IO was 0 B.

Hello,
Do you have a firewall enabled? Check if you can PING your remote device from graylog server.
By chance did you check the logs on the remote device? If so is there anything pertaining to this issue?

I’ll second @gsmith's question about a firewall. This sounds like a host-based firewall IMO. Check to see if you have iptables rules in place or if firewalld is running. You might also do a tcpdump to see if packets are hitting the server.

1 Like
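One way to narrow the problem down the way the reply above suggests, as an added example that is not part of the thread: a small Python script that sends a test syslog datagram to the Graylog input port over UDP, and a throwaway UDP listener that can be bound to that same port (with the Graylog input stopped) to confirm whether datagrams from the firewall reach the host at all. It needs no root for a port above 1024, so it serves as a tcpdump substitute. The host address and message fields are constructed placeholders; port 1415 is the one used in this thread.

```python
"""Syslog-over-UDP reachability check (added example, not from the thread).

Three pieces:
  * build_syslog_message / parse_pri: construct and decode an RFC 5424-style
    line with the <PRI> header (PRI = facility * 8 + severity).
  * send_udp: fire one datagram at the Graylog input, the way a syslog
    sender would.
  * listen_once: bind a UDP socket on the input port and wait for a single
    datagram, to prove traffic reaches the host. Stop the Graylog input
    first, otherwise the bind fails because the port is in use.
"""
import datetime
import socket

# Constructed placeholders: replace with the real Graylog host and input port.
GRAYLOG_HOST = "192.0.2.10"   # TEST-NET-1 documentation address, not a real host
GRAYLOG_PORT = 1415           # port used for the input in this thread


def build_syslog_message(facility, severity, hostname, app, msg):
    """Return an RFC 5424 syslog line. PRI is facility*8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23, severity 0-7")
    pri = facility * 8 + severity
    ts = datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")
    ts = ts.replace("+00:00", "Z")
    # VERSION=1, then TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}"


def parse_pri(line):
    """Decode the leading <PRI> field into (facility, severity)."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> header")
    pri = int(line[1 : line.index(">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return divmod(pri, 8)


def send_udp(host, port, line):
    """Send one syslog datagram; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("utf-8"), (host, port))


def listen_once(port, host="0.0.0.0", timeout=10.0):
    """Bind a UDP listener on `port` and return (peer_ip, text) for the first
    datagram, or None if nothing arrives within `timeout` seconds."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.settimeout(timeout)
        s.bind((host, port))
        try:
            data, peer = s.recvfrom(65535)
        except socket.timeout:
            return None
        return peer[0], data.decode("utf-8", errors="replace")


def loopback_check(line):
    """Self-test on 127.0.0.1 with an OS-assigned port: a datagram sent to
    ourselves must come back unchanged. UDP queues the datagram in the
    socket buffer, so bind first, send, then receive; no thread needed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.settimeout(2.0)
        rx.bind(("127.0.0.1", 0))
        port = rx.getsockname()[1]
        send_udp("127.0.0.1", port, line)
        data, _ = rx.recvfrom(65535)
        return data.decode("utf-8")


if __name__ == "__main__":
    test_line = build_syslog_message(1, 6, "pa-fw", "panos", "graylog reachability test")
    print("loopback ok:", loopback_check(test_line) == test_line)
    # Send a test message at the real input; it should show up in the
    # Graylog input's message count if the path and the input are working.
    print("sent bytes:", send_udp(GRAYLOG_HOST, GRAYLOG_PORT, test_line))
    # With the Graylog input stopped, wait for the firewall's own traffic:
    # listen_once(GRAYLOG_PORT) returning None while the Palo Alto keeps
    # forwarding points at the network path or a host firewall, not Graylog.
```

Run it on the Graylog host itself: if the loopback check passes and a message sent to the input port is counted by the input, the input works and the problem is upstream; if `listen_once` on the input port (Graylog input stopped) never sees a datagram from the firewall's address while other syslog servers do receive logs, look at iptables or firewalld on the Graylog host and at the network path, as the replies above suggest.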

Hi @gsmith
Yes, the firewall and Graylog are reachable to each other. Ping is fine from both ends. I have other syslogs configured as well on the remote firewall… other syslog servers obtain logs from the PA firewall but Graylog doesn’t. Configuration and rules are fine on the firewall… I think something is missing on Graylog.
