Unable to Import Palo Alto Networks Content Packs

Yes - I understand that installing the plugin adds an input for Palo Alto Networks firewalls - the point is that the plugin fails to install.

I am running PAN-OS 9.1.2 on my firewall. I actually work for Palo Alto Networks and am running several firewalls - one for production and 4 on various versions of code (8.1, 9.0, 9.1 and 9.2 beta).

Yes - there were additional logs added in PAN-OS 9.1 and there will be additional ones added in 9.2 - tentatively scheduled to ship in late May/early June but is likely going to be delayed.

I would think that PAN-OS 9.1 would still work with Graylog but the newer log types wouldn’t be detected/available for reporting. It is possible to configure PAN-OS with a granular policy controlling what log events are forwarded to syslog, so it is likely possible to ensure that the logs that are not supported aren’t sent to Graylog in the first place.

I am not savvy enough to modify the plugins myself, but if I can provide someone with the details they need to update support for PAN-OS 9.1 and 9.2, I’d be happy to do so.

It seems like the vast majority of the plugins I’ve looked at are based on older versions of Graylog and are no longer functional with the newer releases. That begs the question - why do they even show up in the results of a search via the Graylog admin interface if they no longer work? It seems like they should be pruned from the database and a message should be added to the UI that provides more insight.

I see a lot of people asking questions about various plugins and the answer is almost always that the plugin that someone is asking about is based on an older version of Graylog and will no longer work. It would seem to me like it would make sense to add a very obvious message in the admin interface that speaks to this.

Case in point, I also tried to install a Graylog plugin to add support for Netflow. I found that the version I found on the Graylog GitHub repo is wicked old and no longer works with 3.2. I ended up discovering that there’s a Netflow input that is automatically part of Graylog 3.2. That’s an ideal situation but again, why are there so many references to outdated plugins?
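As an added illustration of the filtering idea mentioned in the post above (example code, not from the thread, Graylog or Palo Alto Networks): this script strips the syslog header from PAN-OS messages, reads the Type column of the comma-separated body and partitions lines into those an older input can parse and those worth suppressing in the firewall's log forwarding profile. The allowlist, header regex and sample lines are constructed assumptions for the example.

```python
import csv
import re
from typing import Dict, Iterable, List

# Constructed regex for the BSD-style syslog header (PRI, timestamp, hostname)
# that precedes the CSV body of a forwarded PAN-OS log.
SYSLOG_HEADER = re.compile(r"^<\d{1,3}>\S+\s+\d+\s+[\d:]+\s+\S+\s+")

# ASSUMPTION: log types the older input is known to handle; adjust to what your
# input actually parses after testing it against your own PAN-OS version.
ALLOWED_TYPES = {"TRAFFIC", "THREAT", "SYSTEM", "CONFIG", "HIPMATCH", "USERID"}


def pan_log_type(line: str) -> str:
    """Return the Type field (4th CSV column) of a PAN-OS syslog line, or '' if unparsable."""
    body = SYSLOG_HEADER.sub("", line, count=1)
    try:
        fields = next(csv.reader([body]))
    except (csv.Error, StopIteration):
        return ""
    return fields[3].strip().upper() if len(fields) > 3 else ""


def split_by_support(lines: Iterable[str], allowed=ALLOWED_TYPES) -> Dict[str, List[str]]:
    """Partition lines into ones to forward and ones to suppress at the firewall."""
    result: Dict[str, List[str]] = {"forward": [], "suppress": []}
    for line in lines:
        bucket = "forward" if pan_log_type(line) in allowed else "suppress"
        result[bucket].append(line)
    return result


# Constructed sample messages in the PAN-OS CSV syslog layout (not captured from a real device).
SAMPLE_LINES = [
    "<14>May  1 12:00:01 pa-lab 1,2020/05/01 12:00:01,000000000001,TRAFFIC,end,2049,...",
    "<14>May  1 12:00:02 pa-lab 1,2020/05/01 12:00:02,000000000001,THREAT,url,2049,...",
    "<14>May  1 12:00:03 pa-lab 1,2020/05/01 12:00:03,000000000001,GLOBALPROTECT,0,2049,...",
    "<14>May  1 12:00:04 pa-lab 1,2020/05/01 12:00:04,000000000001,SYSTEM,general,0,...",
]

if __name__ == "__main__":
    for bucket, entries in split_by_support(SAMPLE_LINES).items():
        print(bucket, [pan_log_type(entry) for entry in entries])
```

Running it lists the types that would be forwarded and the one (GLOBALPROTECT in the constructed sample) that the allowlist would hold back.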