About AndersW

AndersW · ‎03-29-2019

Hi reaper. I was a bit surprised about this information that my.com could hit my.company.com and figured I had to update lots and lots of entries in our custom categories but I'm unable to repeat this behaviour on PanOS 8.0.16. I actually created the fqdns my.com and my.company.com so they are resolvable and put only my.com in a custom URL category called "molndal-block". When testing the fqdns with a browser (tried several) my.com triggers on the custom category but my.company.com does not? Logs: Im guessing this result might depend on if the browser adds a "/" the the end of the fqdn or not? (every browser I'v tried does this tho) or is there some flaw in my testing?

AndersW · ‎11-05-2018

Hi I'v been using the stdlib.localSyslogToLogstash prototype, https://live.paloaltonetworks.com/t5/MineMeld-Articles/Correlating-PAN-OS-syslog-with-indicators/ta-p/72078 , for while now with no issues but after upgrading PanOS from 7.1 to 8.0 (currently at 8.0.13) it is no longer working correctly. I get SYSLOG.PROCESSED = 0 so it seems the messages are no longer parsed correctly. I can still se that messages are received by using tcpdump. Searching this board I have found a few threads with the same issue but none of them are resolved and I can not find any clear information on supported PanOS versions so before trying to setup a new minemeld instance and spending time debugging this I'd like to know if it should be working at all with 8.0?

Member Since	‎10-09-2013 01:25 AM
Date Last Visited	‎11-25-2020 10:25 AM
Posts	2

Online Status	Offline
Date Last Visited	‎11-25-2020 10:25 AM

About AndersW

Re: Custom URL Filter - Site Definition Format

Syslog analyzer / miner supported PanOS versions?

Re: Custom URL Filter - Site Definition Format

Syslog analyzer / miner supported PanOS versions?