I'm new to both PAN and Splunk. I already have the free Splunk trial and I'm already getting logs from a Linux server using UDP 514 and a Windows Server through Remote Event Log Setup using a domain account.
My question is, how do I set up Splunk and the Palo Alto Networks Firewall so that I get the firewall logs through a secure connection like SSL or TCP? I can't find any guide on the internet to do this. Thank you.
2 years later, and I'm trying to do this also. Documentation is very sparse on this subject. If anyone could explain the steps to effectively send syslogs over SSL from a PA firewall to Splunk successfully I would be eternally grateful!
Thanks
I have been trying to fix this problem for a week now for TLS 1.2 but nothing. Is there anybody out there who has successfully sent syslog from Palo Alto to Splunk with SSL/TLS?
You can set up a secure connection using the Splunk default certificates, self-signed certificates, or certificates signed by a third party. You could probably get by using the default certificates, but I would recommend following the process to self-sign the certificates.
A good place to start is http://docs.splunk.com/Documentation/Splunk/6.2.2/Security/AboutsecuringyourSplunkconfigurationwithS...
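One way to carry out the self-signed route recommended above, as an added example that is not part of the original answer or Splunk's own tooling: it builds a private CA, signs a server certificate for the Splunk host, and writes the `inputs.conf` stanzas for a TLS 1.2 syslog listener. Port 6514, the file names, the CA subject and the `pan:log` sourcetype are assumptions.

```sh
#!/bin/sh
# Added example: private CA + server certificate for a Splunk TLS syslog
# input, plus the matching inputs.conf stanzas.
# Assumptions: port 6514, file names, CA subject, sourcetype pan:log.
set -eu

make_tls_bundle() {
  dir=$1; host=$2; pass=$3
  umask 077   # keys and the passphrase-bearing config stay owner-only
  mkdir -p "$dir"

  # 1. Private CA. ca.pem is the certificate the firewall must trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Syslog CA" -keyout "$dir/ca.key" -out "$dir/ca.pem"

  # 2. Passphrase-protected server key and CSR for the Splunk host.
  openssl req -newkey rsa:2048 -passout "pass:$pass" -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr"

  # 3. Sign the CSR; the SAN carries the name the firewall connects to.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -days 365 -sha256 \
    -extfile "$dir/san.ext" -out "$dir/server.crt"

  # 4. Fail here, not on the firewall, if the chain does not validate.
  openssl verify -CAfile "$dir/ca.pem" "$dir/server.crt"

  # 5. serverCert is one PEM: server certificate, private key, CA certificate.
  cat "$dir/server.crt" "$dir/server.key" "$dir/ca.pem" \
    > "$dir/splunk-syslog.pem"

  # 6. Stanzas to merge into inputs.conf on the Splunk instance.
  cat > "$dir/inputs.conf" <<EOF
[tcp-ssl:6514]
sourcetype = pan:log

[SSL]
serverCert = $dir/splunk-syslog.pem
sslPassword = $pass
sslVersions = tls1.2
requireClientCert = false
EOF
}

# Usage: sh make_tls_bundle.sh <output-dir> <splunk-hostname> <key-passphrase>
if [ "$#" -eq 3 ]; then make_tls_bundle "$@"; fi
```

On the firewall side, `ca.pem` is imported as a trusted CA and the syslog server profile is set to SSL transport on the same port; the host name given here has to match the name the firewall connects to.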
I meant SSL or TLS. Thank you.