Graylog can't receive threat log from PaloAlto


(Chhayheng) #1

All,

When I try to ship logs from PA [SYSTEM-LOG, TRAFFIC-LOG, CONFIGURE-LOG], it works fine with TCP.
When I try to ship THREAT-LOG over UDP, it does not work.
Has anyone met this experience before? Please share.


#2

Did you define an input for UDP?


(Chhayheng) #3

Yes, I already defined a UDP input with port 10001: UDP on Graylog.


#4

Did you see incoming packages?
E.g. on the input counters, or with tcpdump?


(Chhayheng) #5

It is working now.
Thank you.


(Tess) #6

Please share your solution. There’s nothing I hate more than finding a thread on a forum that matches my exact question, only to be updated with “NVM, works now.”

:heart:


(Chhayheng) #7

Pls try to search for matching content in the search box, e.g. “scan” or “vulnerability”.
The reason is that the grok pattern is not configured correctly; that’s why it doesn’t show.

