Palo Alto Networks Input Not showing received message

Hello All,

I have configured the Graylog v3.0.2+1686930 OVA with the Palo Alto Networks Input by installing graylog-integrations-plugins.

I created a new input using “Palo Alto Networks Input (TCP)” and configured the firewall to send logs on port 5555. I can see that messages are being received on the input:

1 minute average rate: 5 msg/s
Network IO: 0B 0B (total: 87.8KB 0B )

But when I click "show received message" for that input, the search shows “Nothing found”.

I am using Palo Alto Software Version 8.1.9 with the BSD format.

I have also tested with Palo Alto Software Version 8.0. Same result.


Hey there,
Check if the time and timezone are correct. Especially if you use the OVA template, the system time may have to be corrected. Please also check the time in Graylog's server.conf.

The timezone is correct and matches my timezone. I have changed the format from BSD to IETF. Now I have started receiving logs on Palo Alto Software Version 8.1.

I have configured the same for Palo Alto Software Version 8.0, but no logs are showing, although messages are being received on the input, as the count shows. I referred to the official Palo Alto Networks log fields documentation for that version and customized the mappings, but with no result.

Did you see any related messages in the Graylog server.log?
