Can't receive any logs from Palo Alto

I defined a Syslog UDP input with port 5241 on Graylog, and then on Palo Alto I defined the name and IP of my Graylog server, set the same port 5241, and set up a log forwarding rule,
but I am still not receiving anything on the Graylog input.
Any help?

Good morning, instead of Syslog try Raw to see if you get data. Thank you, Zach.


I changed it to Raw and received some data. The problem is it's like this, with no useful info:

[screenshot: Palo]

Good morning, at least in my case, I had to use Raw for a source that did not support one of the RFCs of Syslog that Graylog supports: RFC 5424 and RFC 3164, from "Ingest syslog" in the Graylog 4.0.0 documentation.

I was not able to change how my source sent the info, maybe you will have better luck.

To make it usable I would have had to do something with rules, pipelines, streams, etc… I did not put that time into it. I just kept it at Raw and created a few alerts to pull out items of interest.

Thank you, Zach.
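As an added example (not part of the original thread and not Graylog's own parser), this Python function checks whether a payload captured on a Raw input begins with a header in either format named above, RFC 5424 or RFC 3164. The sample messages are constructed, and the regular expressions test only the header shape, not every rule in the RFCs.

```python
import re

PRI = re.compile(r"^<(\d{1,3})>")
# RFC 5424 header: VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP SD
RFC5424 = re.compile(
    r"[1-9]\d{0,2} "
    r"(?:-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"\S{1,255} \S{1,48} \S{1,128} \S{1,32} (?:-|\[)"
)
# RFC 3164 header: "Mmm dd hh:mm:ss" SP HOSTNAME SP
RFC3164 = re.compile(
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ 0-3]\d "
    r"\d{2}:\d{2}:\d{2} \S+ "
)

def classify(payload: bytes):
    """Return (format, facility, severity) for one received datagram."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI.match(text)
    if not m or int(m.group(1)) > 191:  # no PRI field, or PRI out of range
        return ("no-pri", None, None)
    pri = int(m.group(1))
    facility, severity = pri >> 3, pri & 7  # PRI = facility * 8 + severity
    rest = text[m.end():]
    if RFC5424.match(rest):
        return ("rfc5424", facility, severity)
    if RFC3164.match(rest):
        return ("rfc3164", facility, severity)
    # A PRI is present but the header after it follows neither RFC,
    # so a strict syslog parser has no timestamp or hostname to extract.
    return ("pri-only", facility, severity)

# Constructed sample payloads, not taken from any real device.
SAMPLES = [
    b"<14>1 2021-03-04T10:15:30Z fw01 app 123 ID47 - constructed message",
    b"<14>Mar  4 10:15:30 fw01 constructed message",
    b"<14>2021/03/04 10:15:30 fw01 constructed message",
    b"2021/03/04 10:15:30,fw01,constructed message\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

A result of `pri-only` or `no-pri` for a payload copied from the Raw input means the sender's format is the reason a Syslog input cannot parse it.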

OK Dickinsonzach,
Thanks for your time and consideration.
