I have recently set up Graylog 5 and set up a Palo input. The only one I saw was for Palo 9.x+. It’s working great other than the Decryption and GTP logs. I receive this message in the Graylog server log:
2023-04-20T10:51:03.404-04:00 INFO [PaloAlto9xCodec] Received log for unsupported PAN type [GTP]. Will not parse.
2023-04-20T10:51:03.488-04:00 INFO [PaloAlto9xCodec] Received log for unsupported PAN type [DECRYPTION]. Will not parse.
The data comes in and I can parse it with extractors but this will still fill up my log with a bunch of these messages and seems like not the cleanest way to fix my issue.
My question is where can I add Decryption and GTP as supported logs for the Pan Types? I would like to build that out but can’t seem to find where it’s defined.
This is a single-node environment. I am using OpenSearch and MongoDB installed locally on the server.
OS: Rocky 9.1
Graylog 5.0.6
I am not having any other feeds and all other Palo logs are coming in without issue.
Please let me know if there is any other information I can provide to be helpful.
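Added example (not part of the original post, and not Graylog's own code): a short Python script that tallies the "unsupported PAN type" messages per type from the Graylog server log, showing which PAN log types the input is skipping and over what time span. The sample lines are constructed in the format of the two lines quoted above, and the function name `summarize_unsupported` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the two server-log lines quoted in the post.
SAMPLE_LOG = """\
2023-04-20T10:51:03.404-04:00 INFO [PaloAlto9xCodec] Received log for unsupported PAN type [GTP]. Will not parse.
2023-04-20T10:51:03.488-04:00 INFO [PaloAlto9xCodec] Received log for unsupported PAN type [DECRYPTION]. Will not parse.
2023-04-20T10:51:33.488-04:00 INFO [PaloAlto9xCodec] Received log for unsupported PAN type [DECRYPTION]. Will not parse.
2023-04-20T10:52:03.000-04:00 INFO [SomeOtherClass] Unrelated line that must be ignored.
"""

# Timestamp, logging class, and the PAN type named inside the square brackets.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+INFO\s+\[(?P<codec>\w+)\]\s+"
    r"Received log for unsupported PAN type \[(?P<type>[^\]]+)\]\. Will not parse\.$"
)
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def summarize_unsupported(log_text):
    """Return {pan_type: {"count", "first", "last"}} for skipped PAN log types."""
    stats = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not an "unsupported PAN type" message
        seen_at = datetime.strptime(match["ts"], TS_FORMAT)
        entry = stats.setdefault(
            match["type"], {"count": 0, "first": seen_at, "last": seen_at}
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], seen_at)
        entry["last"] = max(entry["last"], seen_at)
    return stats


if __name__ == "__main__":
    for pan_type, entry in sorted(summarize_unsupported(SAMPLE_LOG).items()):
        span = (entry["last"] - entry["first"]).total_seconds()
        print(f"{pan_type}: {entry['count']} message(s) over {span:.0f}s")
```

To run it against a real log, pass the contents of the server log file to `summarize_unsupported` instead of `SAMPLE_LOG`.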