hi thanks @tmacgbay on my centos7 server, I only did this part
I still do not fully understand the other changes to make
hi thanks @tmacgbay on my centos7 server, I only did this part
I still do not fully understand the other changes to make
…
you do the section you copy above, plus you read the upgrade notes ( https://docs.graylog.org/en/3.0/pages/upgrade/graylog-3.0.html ) and adjust your configuration.
yes i did it I did the normalization of my FW palo alto logs, now, I have the standardized palo alto logs with graylog 2.5
Format your logs at firewall as CEF and then ether create CEF input, or use pipeline.
thanks a lot @kilamzh I made the normalization of the palo alto firewall logs through u content pack in graylog market place
Hi, When i make an ssh connection to the fw palo alto with an incorrect password, this ssh connection does not get into the logs on Graylog interface web ! why ?To configure the syslog profile I followed this link https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFfCAK
Failed SSH would probably go into Management log, not threat.
Management log ? Can you explain it to me ?
Sorry, I should of say system log instead of management. PANOS v.8 also has Authentication log. Review this document for details https://docs.paloaltonetworks.com/resources/cef
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.