topic Minemeld PA syslog processing in General Topics https://live.paloaltonetworks.com/t5/general-topics/minemeld-pa-syslog-processing/m-p/190862#M97582 <P>Hi,</P> <P>&nbsp;</P> <P>I installed Minemeld. I'm now trying to mine the PA traffic logs via syslog. It seems that the processing works but no indicators are extracted? The PA is running 7.1.13 and sending the syslog messages on TCP port 13514 to the Minemeld server.<BR />I already looked into the /var/log/rsyslog.log file but I do not see any messages. How can I troubleshoot this?</P> <P>&nbsp;Tnx<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/12918i1575D65C494AC2B1/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Fri, 08 Dec 2017 16:08:04 GMT jorisVD 2017-12-08T16:08:04Z Minemeld PA syslog processing https://live.paloaltonetworks.com/t5/general-topics/minemeld-pa-syslog-processing/m-p/190862#M97582 <P>Hi,</P> <P>&nbsp;</P> <P>I installed Minemeld. I'm now trying to mine the PA traffic logs via syslog. It seems that the processing works but no indicators are extracted? The PA is running 7.1.13 and sending the syslog messages on TCP port 13514 to the Minemeld server.<BR />I already looked into the /var/log/rsyslog.log file but I do not see any messages. How can I troubleshoot this?</P> <P>&nbsp;Tnx<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/12918i1575D65C494AC2B1/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Fri, 08 Dec 2017 16:08:04 GMT https://live.paloaltonetworks.com/t5/general-topics/minemeld-pa-syslog-processing/m-p/190862#M97582 jorisVD 2017-12-08T16:08:04Z Re: Minemeld PA syslog processing https://live.paloaltonetworks.com/t5/general-topics/minemeld-pa-syslog-processing/m-p/193054#M97583 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/851">@jorisVD</a>,</P> <P>please, could you attach a screenshot of your indicators extracting rules?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>luigi</P> Tue, 26 Dec 2017 07:51:59 GMT https://live.paloaltonetworks.com/t5/general-topics/minemeld-pa-syslog-processing/m-p/193054#M97583 lmori 2017-12-26T07:51:59Z