No metrics showing up in a syslog analyser node

Hi,

 

I followed this post the other day and have been forwarding logs from my firewall for 2 days now, but without any hits, so I am wondering if I have done something wrong? I can see in a tcpdump dump on the MineMeld server that logs are received on port 13514/TCP. Also, the logs that are sent to MineMeld are dropped traffic from an EDL, so the indicators should be present.

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Correlating-PAN-OS-syslog-with-indicators/ta-...

 

I am using the stdlib.localSyslog prototype, as I just want to know which lists I hit.

 

Any ideas on how to troubleshoot this?

 

I'm using:

PAN-OS 8.0.3-h4

Minemeld v 0.9.40

16 REPLIES

Hi @lmori

 

My MineMeld updated a couple of hours ago to 0.9.42 (good work with the backup!), but I still can't see any indicators in the syslog node, even though my firewall has sent plenty of logs since the upgrade.

 

How could we troubleshoot this further?

 

Have a great day!

Hi @lmori,

 

Do you think there's a possibility that I can troubleshoot this some way myself?

 

Regards,

Bo
