08-31-2016 06:37 AM
Hi!
I'm having some trouble matching domain indicators on syslog feeds. So far I have a setup like this:
ransomwaretracker_RW_DOMBL (Miner) -> aggregatorDomain (Aggregator) -> feedDomainHCGreenWithValue (Output) -> Domain EDL within PAN-OS
The above is working fine and I have verified positive matches on indicators in the logs.
Next I have a localSyslog analyzer also attached to the aggregatorDomain position. Despite having positive matches in the logs this is not shown in the localSyslog analyzer stats.
I have another syslog analyzer correctly parsing syslog messages and performing matches, so I know the configuration of both PAN-OS and the syslogAnalyzer is correct. Any pointers on what might be the issue?
Regards
Erik Yunghans