All Apps and Add-ons

help setting up Palo Alto Firewall to log to splunk securely (SSL / TLS)

adtalmeda
New Member

I'm new to both PAN and splunk. I already have the free splunk trial and I'm already getting logs from a Linux server using UDP 514 and a Windows Server through Remote Event Log Setup using a domain account.

My question is, how do I setup Splunk and the Palo Alto Networks Firewall so that I get the firewall logs through a secure connection like SSL or TCP? I can't find any guide on the internet to do this. Thank you.

0 Karma

mgabriel111
New Member

2 years later, and I'm trying to do this also.. Documentation is very sparse on this subject. If anyone could explain the steps to effectively send syslogs over SSL from a PA firewall to Splunk successfully I would be eternally grateful!
Thanks

0 Karma

chutvu
Observer

I have been trying to fix this problem for for a week now for TLS 1.2 but nothing. Is there anybody out there who has successfully use send syslog from Palo Alto to Splunk with SSL/TLS?

0 Karma

slashnburn
Path Finder

You can set up a secure connection using the Splunk default certificates, self-signed certificates, or certificates signed by a third party. You could probably get by using the default certificates, but I would recommend following the process to self-sign the certificates.

A good place to start is http://docs.splunk.com/Documentation/Splunk/6.2.2/Security/AboutsecuringyourSplunkconfigurationwithS...

0 Karma

adtalmeda
New Member

I meant SSL or TLS.. Thank you.

0 Karma
Get Updates on the Splunk Community!

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...