About andrew.copeland

It doesn't look like port 13514 is being exposed for the syslog miner. Does the docker container support the syslog miner in this article? ... View more

I believe I have fixed it, at least in the interim until it can be added to the Palo repo.  According to Luigi here rsyslog (or more appropriately the package called rsyslog-minemeld in Ubuntu 14.04) Was built by them from source with additional features enabled, and distributed through their repo.  It does not seem that rsyslog-minemeld is distrubuted in their current Xenial/16.04 repo. http://minemeld-updates.panw.io/ubuntu xenial-minemeld main  However, when I built a current version of rsyslog with those features; it was incompatible with the /etc/rsyslog.d/*.conf files.  I was able to find an old version of rsyslog "8.19.0", combile it, install the .deb file on my minemeld-server. I also installed I also installed via apt "librabbitmq4" and "liblognorm2" as refferenced by some of my /var/log/syslog errors.  Once I did that, all the errors went away, and IPs started showing up in my miner/output. ... View more

As an update, it looks like the error is because "rabbitmq-server" isn't installed, when it was in the Ubuntu 14 version I had running. However, installing rabbitmq doesn't fix the logs showing up in MineMeld, it only removes the errors.  It seems it's missing some other configuration, but I'm not sure what that is. ... View more

I'm having this issue as well. Same issues in the log file and I also used the build for Ubuntu 16.  This config came off of my previous installation of ubuntu 14 so I don't think it's my minemeld config. I also see established traffic from my firewalls over port 13514 so it seems that the issue is somewhere between rsyslog and the miner itself.   I think that when Luigi created the new install guide there's something missing that's required for the syslog miner to function.  @lmori are you able to confirm? ... View more