https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125671#M98529 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/30691">@uam</a>,</P> <P>could you try downgrading to libfastjson&nbsp;0.99.2-0adiscon1trusty1 ? that is the version distributed by minemeld repo.</P> <P>We have plans to move to Ubuntu 16.04, there rsyslogd has been updated to 8.16 and will make our life easier.</P> <P>&nbsp;</P> <P>Thanks !</P> <P>luigi</P> Thu, 10 Nov 2016 21:36:25 GMT lmori 2016-11-10T21:36:25Z https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125341#M98528 <P>Hi Luigi,</P> <P>&nbsp;</P> <P>I was testing&nbsp;stdlib.localSyslog to correlate paloalto logs with indicator following this article <A href="https://live.paloaltonetworks.com/t5/tkb/articleprintpage/tkb-id/MineMeldArticles/article-id/11" target="_blank">https://live.paloaltonetworks.com/t5/tkb/articleprintpage/tkb-id/MineMeldArticles/article-id/11</A></P> <P>&nbsp;</P> <P>But I was unable to make it work. After a while, I have noticed that rsyslogd was not running. If you run "service rsyalogd status" says that is running but it's not. After run manually i got the next error:</P> <P>&nbsp;</P> <P>root@minemeld:/var/log# rsyslogd<BR />rsyslogd: error while loading shared libraries: libfastjson.so.3: cannot open shared object file: No such file or directory</P> <P>&nbsp;</P> <P>It seems that rsyslog is compiled&nbsp;against&nbsp;<SPAN>libfastjson3 but ubuntu 14.04 it use&nbsp;libfastjson4.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>I'm using the VM with Ubuntu&nbsp;14.04. Minemeld&nbsp;0.9.26</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards.</SPAN></P> Wed, 09 Nov 2016 18:29:56 GMT https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125341#M98528 uam 2016-11-09T18:29:56Z https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125671#M98529 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/30691">@uam</a>,</P> <P>could you try downgrading to libfastjson&nbsp;0.99.2-0adiscon1trusty1 ? that is the version distributed by minemeld repo.</P> <P>We have plans to move to Ubuntu 16.04, there rsyslogd has been updated to 8.16 and will make our life easier.</P> <P>&nbsp;</P> <P>Thanks !</P> <P>luigi</P> Thu, 10 Nov 2016 21:36:25 GMT https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125671#M98529 lmori 2016-11-10T21:36:25Z https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125854#M98530 <P>Hi Luigi,</P> <P>&nbsp;</P> <P>that's was I did and rsyslogd is up&amp;running now. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>I have &nbsp;configured successfully&nbsp;the syslog-analyzer&nbsp;and feed stats are now working. By the way, great feature!&nbsp;</P> <P>&nbsp;</P> <P>But I don't really know how to set the rules in the syslog-miner to extract indicators. I have look for any documentation but no luck. Is there any article related? I would like to create a feed with indicators from drop/deny logs from PA.</P> <P>&nbsp;</P> <P>Regards.</P> <P>Victor.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 11 Nov 2016 16:49:10 GMT https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/125854#M98530 uam 2016-11-11T16:49:10Z https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/126172#M98531 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/30691">@uam</a>,</P> <P>have you checked this&nbsp;<A href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-the-syslog-Miner/ta-p/77262" target="_blank">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-the-syslog-Miner/ta-p/77262</A> ?</P> <P>Really far from being complete, but it should give you an idea of how things work.</P> <P>&nbsp;</P> <P>Luigi</P> Mon, 14 Nov 2016 17:43:07 GMT https://live.paloaltonetworks.com/t5/general-topics/rsyslogd-dependencies-problem/m-p/126172#M98531 lmori 2016-11-14T17:43:07Z