Help setting up Palo Alto Firewall to log to Splunk securely (SSL / TLS)

adtalmeda
New Member

I'm new to both PAN and Splunk. I already have the free Splunk trial and I'm already getting logs from a Linux server using UDP 514 and a Windows Server through Remote Event Log Setup using a domain account.

My question is, how do I set up Splunk and the Palo Alto Networks Firewall so that I get the firewall logs through a secure connection like SSL or TCP? I can't find any guide on the internet to do this. Thank you.

0 Karma

mgabriel111
New Member

2 years later, and I'm trying to do this also. Documentation is very sparse on this subject. If anyone could explain the steps to effectively send syslogs over SSL from a PA firewall to Splunk successfully I would be eternally grateful!
Thanks

0 Karma

chutvu
Observer

I have been trying to fix this problem for a week now for TLS 1.2 but nothing. Is there anybody out there who has successfully sent syslog from Palo Alto to Splunk with SSL/TLS?

0 Karma

slashnburn
Path Finder

You can set up a secure connection using the Splunk default certificates, self-signed certificates, or certificates signed by a third party. You could probably get by using the default certificates, but I would recommend following the process to self-sign the certificates.

A good place to start is http://docs.splunk.com/Documentation/Splunk/6.2.2/Security/AboutsecuringyourSplunkconfigurationwithS...

0 Karma
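
The self-signed route recommended in the answer above, sketched as an added example that is not part of the original thread or of Splunk's documentation: it builds a private CA, signs a server certificate, and writes a TLS-enabled TCP input stanza. The hostname, file paths, index, validity period and port 6514 are assumptions for a lab setup.

```shell
#!/usr/bin/env bash
# Added example: private CA + server certificate + Splunk TLS input stanza.
# Hostname, paths, index and port are assumptions, not values from the thread.
set -eu

SPLUNK_HOST="splunk.example.internal"   # assumed name the firewall connects to
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

make_ca() {
  # Self-signed CA; its certificate is what the sending device must trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Syslog CA" \
    -keyout "$OUT_DIR/ca.key" -out "$OUT_DIR/ca.pem" 2>/dev/null
}

make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$SPLUNK_HOST" \
    -keyout "$OUT_DIR/server.key" -out "$OUT_DIR/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$SPLUNK_HOST" > "$OUT_DIR/san.ext"
  openssl x509 -req -in "$OUT_DIR/server.csr" -days 365 -sha256 \
    -CA "$OUT_DIR/ca.pem" -CAkey "$OUT_DIR/ca.key" -CAcreateserial \
    -extfile "$OUT_DIR/san.ext" -out "$OUT_DIR/server.crt" 2>/dev/null
  # Splunk's serverCert file holds server cert, private key and CA cert, in that order.
  cat "$OUT_DIR/server.crt" "$OUT_DIR/server.key" "$OUT_DIR/ca.pem" \
    > "$OUT_DIR/splunk-server.pem"
  chmod 600 "$OUT_DIR/splunk-server.pem" "$OUT_DIR/server.key" "$OUT_DIR/ca.key"
}

write_inputs_conf() {
  # The key here is unencrypted; an encrypted key would also need sslPassword.
  cat > "$OUT_DIR/inputs.conf" <<'EOF'
[tcp-ssl:6514]
index = main

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/splunk-server.pem
requireClientCert = false
EOF
}

chain_ok() {
  # Succeeds only if the server certificate chains to the CA created above.
  openssl verify -CAfile "$OUT_DIR/ca.pem" "$OUT_DIR/server.crt" >/dev/null 2>&1
}

make_ca
make_server_cert
write_inputs_conf
chain_ok && echo "chain verifies; artifacts are in $OUT_DIR"
```

The sending firewall has to trust `ca.pem` and connect to the name in the certificate for the handshake to validate; keep `ca.key` off the Splunk server.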

adtalmeda
New Member

I meant SSL or TLS. Thank you.

0 Karma