I need to secure Syslog sending from Palo devices to SolarWinds Kiwi Syslog server using SSL. We're currently sending Syslog to the Kiwi Server over UDP successfully without issue. However, when I changed the transport to SSL (6514) and set the certificate to use for Syslog, the firewall stopped sending logs to the Kiwi server.
I followed the steps outlined here (Configure Syslog Monitoring (paloaltonetworks.com)). I created two self-signed certificates on the firewall, assigned one to be used for Syslog sending, and exported the second to the Kiwi server.
I did a tcpdump capture on the firewall; it appears it stopped sending syslog messages after the change.
I'll appreciate comments on what I need to do to resolve this issue.