Graylog can't received threat log from PaloAlto


When I try to ship log from PA- [SYSTEM-LOG, TRAFFIC-LOG, CONFIGURE-LOG] it is working fine with TCP.
When I try to ship log as THREAT-LOG as UDP, it is not working.
Anyone one meet this experience before, please share.

Did you define input for udp?

Yes, I already define UDP input with port 10001: UDP on graylog.

Did you see incomeing packages?
Eg. On the input counters, or with tcpdump?

It is working now.
Thank you.

Please share your solution. There’s nothing I hate more than finding a thread on a forum that matches my exact question, only to be updated with “NVM, works now.”.


pls try to search match contain in search box
Ex: “scan” or “vulnerability”.
Reason, because of grok pattern is not configure correctly, that’s why it doesn’t show

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.