All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

help setting up Palo Alto Firewall to log to splunk securely (SSL / TLS)

adtalmeda
New Member
‎03-11-2015 10:08 AM

I'm new to both PAN and splunk. I already have the free splunk trial and I'm already getting logs from a Linux server using UDP 514 and a Windows Server through Remote Event Log Setup using a domain account.

My question is, how do I setup Splunk and the Palo Alto Networks Firewall so that I get the firewall logs through a secure connection like SSL or TCP? I can't find any guide on the internet to do this. Thank you.

0 Karma
Reply

mgabriel111
New Member
‎06-14-2018 07:57 AM

2 years later, and I'm trying to do this also.. Documentation is very sparse on this subject. If anyone could explain the steps to effectively send syslogs over SSL from a PA firewall to Splunk successfully I would be eternally grateful!
Thanks

0 Karma
Reply

chutvu
Observer
‎07-15-2020 01:31 PM

I have been trying to fix this problem for for a week now for TLS 1.2 but nothing. Is there anybody out there who has successfully use send syslog from Palo Alto to Splunk with SSL/TLS?

0 Karma
Reply

slashnburn
Path Finder
‎03-11-2015 02:30 PM

You can set up a secure connection using the Splunk default certificates, self-signed certificates, or certificates signed by a third party. You could probably get by using the default certificates, but I would recommend following the process to self-sign the certificates.

A good place to start is http://docs.splunk.com/Documentation/Splunk/6.2.2/Security/AboutsecuringyourSplunkconfigurationwithS...

0 Karma
Reply

adtalmeda
New Member
‎03-11-2015 01:21 PM

I meant SSL or TLS.. Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...