We recently upgraded our CentOS box and also updated Graylog to the latest 4.2.3 version in light of Log4j vulnerability.
Everything seems to work apart from the built in Palo Alto TCP input. I deleted it and created a new one but the problem persists.
We’re also seeing a lot of (probably related to this):
failed to parse field [event_received_time] of type [date] in document with id
Could you please point me to which logs need to be analyzed and what else should I be looking at?
Hello there
The Graylog log file is usually found at /var/log/graylog-server/server.log this should contain some clues as to why your Palo Alto TCP input is stopping.
Regarding the parsing failures, you could take a peek in System → Streams → “Processing and Index Failures” Stream, any message that fails to parse should land here. From there you can figure out which input it was sent to, and why it wasn’t parsed by that input.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
