All,
When I try to ship log from PA- [SYSTEM-LOG, TRAFFIC-LOG, CONFIGURE-LOG] it is working fine with TCP.
When I try to ship log as THREAT-LOG as UDP, it is not working.
Anyone one meet this experience before, please share.
Did you define input for udp?
Yes, I already define UDP input with port 10001: UDP on graylog.
Did you see incomeing packages?
Eg. On the input counters, or with tcpdump?
It is working now.
Thank you.
Please share your solution. There’s nothing I hate more than finding a thread on a forum that matches my exact question, only to be updated with “NVM, works now.”.
pls try to search match contain in search box
Ex: “scan” or “vulnerability”.
Reason, because of grok pattern is not configure correctly, that’s why it doesn’t show
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.