Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
Trying to ingest logs from PanOS 10.2 leads to no logs being ingested and errors in the geaylog server/.log file that read "ERROR [PaloAltoParser] Cannot parse malformed PAN message [unrecognized format]: "
2. Describe your environment:
-
OS Information: RHEL 8.
-
Package Version: Graylog 4.3.15
3. What steps have you already taken to try and solve the problem?
Logs ingest in sysog format on another port just fine, but when I switch to a different port using TCP with the Palo Alto PanOS9+ input i see no logs and the above errors in the graylog server.log file
4. How can the community help?
Does anyone have that input working on PanOS 10.2? If so, can you share info about how you are shipping the logs out and managing ingest?