Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Palo Alto/panw.panos] Support Syslog RFC5424 #26430

Closed
adriansr opened this issue Jun 23, 2021 · 1 comment
Closed

[Palo Alto/panw.panos] Support Syslog RFC5424 #26430

adriansr opened this issue Jun 23, 2021 · 1 comment
Labels
enhancement Integration:Palo Alto

Comments

@adriansr
Copy link
Contributor

adriansr commented Jun 23, 2021
edited
Loading

Panos devices can send logs in RFC5424 (newer syslog) format, but the module is hardcoded to rfc3164 (older syslog).

Currently the only workaround is to edit the module/panw/panos/config/input.yml file and enable the new RFC with the format config option for syslog input (added by #23954):

  type: syslog
+ format: 5424   
  protocol.udp:
    host: "{{.syslog_host}}:{{.syslog_port}}"

We should expose this configuration via a module setting or update the panw module to do it's own syslog parsing supporting both RFCs.
@jamiehynds jamiehynds mentioned this issue Dec 2, 2021
Closed
30 tasks
@jamiehynds
Copy link

We're currently working on RFC5424 support for the Palo Alto and all firewall integrations. Closing this issue in favour of the issue we're working on here: elastic/integrations#1878

@jamiehynds jamiehynds mentioned this issue May 18, 2022
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Integration:Palo Alto
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adriansr @jamiehynds