topic Re: Syslog configuration to Sumo Logic in PAN-OS 7.1 in General Topics

Syslog configuration to Sumo Logic in PAN-OS 7.1

animofernando — Fri, 10 Nov 2017 11:15:49 GMT

HI, all.

I'm looking for some reference of integration with Sumo Logic for Syslog setting.

My customer wants to receive logs from PA FW.

I'm looking at guides both Sumo logic web site and Live community in here,

but I think there's more information needed. Or I'd configured in wrong way.

Syslog Server: syslog.collection.us2.sumologic.com

Transport: TCP TLS Port(Set as 'SSL', when I set as 'TCP' then connection error occured)

Port: 6514

1-1. Syslog Server Profile

1-2. System Log; connection error (When I set 'TCP' instead of 'SSL' at 'Transport' tap in 1-1)

Customer said, I think I should user 'Token' below in like 1-3, but I think somethings are wrong.

1-3. Sample - Token/Host/TCP TLS Port

####

After I configured like 1-1, and set log settings in system and policies

I could see the session connected in session browser without not disconnection.

But, there were no logs in Sumo Logic Server

I think there's more configured needed for intergrated well.

I'm suspecting Syslog Server Address problem, and some addtional configuration for SSL related.

ex) Generate Certificate(but, there was no option of 'Secure Syslog check box' in PAN-OS 7.1), and so on.

If someone did this integration, Sumo Logic with PAN-OS 7.1

Please let me know the solution.

Have a great day 😄

Re: Syslog configuration to Sumo Logic in PAN-OS 7.1

animofernando — Tue, 14 Nov 2017 00:05:08 GMT

Solved.

I should've noticed that I needed to install 'installed collector' as a syslog server.

I misunderstood.

and TCP/UDP supported.

Re: Syslog configuration to Sumo Logic in PAN-OS 7.1

animofernando — Wed, 15 Nov 2017 06:06:40 GMT

Customer asked another one, deploying in 'Hosted Collector'

Hosted Collector needs for rsyslog or syslog-ng, I should look into it.

I think it is more complecated to configure. Anyway.

Have a great day

Re: Syslog configuration to Sumo Logic in PAN-OS 7.1

echahine — Fri, 28 Jan 2022 12:52:46 GMT

Hi!
I'm currently facing the same issue. I followed SL documentation and I wasn't able to forward any logs (status always "None" from SL).

Could you please share the steps (or document) that you followed in order to solve this? Did you change transport to TCP/UDP instead of SSL?

Many thanks!

Re: Syslog configuration to Sumo Logic in PAN-OS 7.1

RAX-NetSec — Sat, 02 Apr 2022 10:44:50 GMT

want to make hosted collector works. need to do the below setup.

By default, the PA syslog only support 1.2 forced. need to skip.

https://weberblog.net/palo-alto-syslog-via-tls/

configure>

set syslogng-ssl-conn-validation explicit OCSP skip CRL skip EKU skip
set syslogng-ssl-conn-validation all-cons skip

syslogng ssl connection validation settings:
all-conns:skip
crl:skip
ocsp:skip
eku:skip

Re: Syslog configuration to Sumo Logic in PAN-OS 7.1

BaudMatt — Fri, 02 Sep 2022 19:34:26 GMT

This worked fantastic for me but I have one question: After making this change, is it permanent? I see no way to commit or save it.