All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Question about Palo Alto Network

jcrival
New Member
‎04-16-2013 01:50 PM

Dear Splunkers,
I have installed Splunk for Palo Alto Network app, Do you have a manual how to install. Should I have to configure syslog on Palo Alto Device?

Regards,

Jose Rivera

0 Karma
Reply

monzy
Communicator
‎04-16-2013 01:56 PM

Hello Jose,

There are instructions on the apps page. Short version, you will have to configure your Palo Alto firewall to forward to a Splunk sever. On the Splunk side, you will have to configure an input. The readme file in the apps directory has a sample inputs.conf stanza.

Cheers,

Monzy

(Typing with thumbs)

lets say that the PaloAlto is sending logs to UDP 5155 (the default is udp 514), here's a sample stanza for your inputs.conf

[udp://5155]

index= pan_logs

connection_host = ip

sourcetype = pan_log

no_appending_timestamp = true

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...