11-10-2017 03:15 AM
Hi, all.
I'm looking for a reference on Syslog settings for integration with Sumo Logic.
My customer wants to receive logs from a PA FW.
I've looked at the guides on both the Sumo Logic web site and the Live Community here,
but I think more information is needed. Or I've configured it the wrong way.
Syslog Server: syslog.collection.us2.sumologic.com
Transport: TCP TLS Port (set as 'SSL'; when I set it as 'TCP', a connection error occurred)
Port: 6514
1-1. Syslog Server Profile
1-2. System Log; connection error (when I set 'TCP' instead of 'SSL' in the 'Transport' tab in 1-1)
The customer said I should use the 'Token' below, like in 1-3, but I think something is wrong.
1-3. Sample - Token/Host/TCP TLS Port
####
After I configured it like 1-1 and set the log settings in system and policies,
I could see the session connected in the session browser without disconnection.
But there were no logs in the Sumo Logic server.
I think more configuration is needed for it to integrate well.
I suspect a Syslog Server address problem, and some additional SSL-related configuration,
e.g. generating a certificate (but there was no 'Secure Syslog' check box option in PAN-OS 7.1), and so on.
If someone has done this integration, Sumo Logic with PAN-OS 7.1,
please let me know the solution.
Have a great day 😄
11-13-2017 04:05 PM
Solved.
I should've noticed that I needed to install 'installed collector' as a syslog server.
I misunderstood.
And TCP/UDP are supported.
11-14-2017 10:06 PM
The customer asked about another one, deploying with a 'Hosted Collector'.
A Hosted Collector needs rsyslog or syslog-ng; I should look into it.
I think it is more complicated to configure. Anyway.
Have a great day
01-28-2022 04:52 AM
Hi!
I'm currently facing the same issue. I followed SL documentation and I wasn't able to forward any logs (status always "None" from SL).
Could you please share the steps (or document) that you followed in order to solve this? Did you change transport to TCP/UDP instead of SSL?
Many thanks!
04-02-2022 03:44 AM
If you want to make the hosted collector work, you need to do the setup below.
By default, the PA syslog only supports 1.2 forced. You need to skip.
https://weberblog.net/palo-alto-syslog-via-tls/
configure>
set syslogng-ssl-conn-validation explicit OCSP skip CRL skip EKU skip
set syslogng-ssl-conn-validation all-conns skip
syslogng ssl connection validation settings:
all-conns:skip
crl:skip
ocsp:skip
eku:skip
09-02-2022 12:34 PM
This worked fantastic for me but I have one question: After making this change, is it permanent? I see no way to commit or save it.