cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
antg334
Explorer
Member since: ‎03-22-2013
‎06-22-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎03-22-2013
Activity Feed
View All

Palo Alto App and Add-on Setup

by in All Apps and Add-ons
‎06-22-2020 07:19 AM
‎06-22-2020 07:19 AM
Hello All, We are unable to get the Palo Alto Add-on and App to parse the incoming syslog traffic correctly. The environment we are in prevents us from setting up the syslog-ng.conf exactly as the instructions have listed. We are trying to see if the modification that we have to make is causing the issues with the Add-on and App. The following will show what the instructions call for in the inputs and outputs; while I'll provide what we would have in place. Palo Alto Instructions: Under "Destinations" specify a .log file destination: destination d_udp514 { file("/YOURPATH/udp514.log" template("${MSG}\n")); }; Our Destinations: destination d_5400-A058-PaloAlto { file("/var/log/syslog-ng/PaloAlto.5400-A058.$YEAR.$MONTH.$DAY.log" owner("root") group("root") perm(0644)); }; destination d_5400-B170-PaloAlto { file("/var/log/syslog-ng/PaloAlto.5400-B170.$YEAR.$MONTH.$DAY.log" owner("root") group("root") perm(0644)); }; destination d_5400-PA220-PaloAlto { file("/var/log/syslog-ng/PaloAlto.5400-PA220.$YEAR.$MONTH.$DAY.log" owner("root") group("root") perm(0644)); }; ********************************* Palo Alto Instructions: Create or modify /opt/splunkforwarder/etc/system/local/inputs.conf and add a monitoring stanza: [monitor:///YOURPATH/udp514.log] sourcetype = pan:log Our inputs (using HF instead of UF): [monitor:///var/log/syslog-ng/PaloAlto.5400-A058.$YEAR.$MONTH.$DAY.log] sourcetype = pan:log *** Did not work, so used below *** [monitor:///var/log/syslog-ng()/PaloAlto*.log] sourcetype = pan:log ... View more
Labels

Re: Splunkweb Installation

by in Deployment Architecture
‎05-29-2014 06:25 AM
‎05-29-2014 06:25 AM
It is prompting me for a Splunk username and password. I tried using the local account but it states that the login failed. Where can I find the account information this is looking for? ... View more

Re: Splunkweb Installation

by in Deployment Architecture
‎05-28-2014 12:45 PM
‎05-28-2014 12:45 PM
It states that splunkweb is not running. I have tried splunk restart splunkweb but get the same message. I even tried splunk start splunkweb and received absolutely nothing from that. ... View more

Re: Splunkweb Installation

by in Deployment Architecture
‎05-28-2014 12:17 PM
‎05-28-2014 12:17 PM
I have done a majority of the steps you listed in your triage, except the tcpdump. What leads me to believe it lies in Splunk is that I was able to connect previously before I upgraded the version. This is on an Indexer. ... View more

Re: Splunkweb Installation

by in Deployment Architecture
‎05-28-2014 09:14 AM
‎05-28-2014 09:14 AM
I have already downloaded the rpm, which is an older version, 6.0.3 and installed it on the server but I am not seeing Splunkweb within the installation. So whenever I try to connect to Splunkweb I always receive an unable to display this page. ... View more

Splunkweb Installation

by in Deployment Architecture
‎05-28-2014 08:28 AM
‎05-28-2014 08:28 AM
What are the steps needed to install Splunkweb on a Linux server? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-22-2020 10:39 AM
Karma given to
View All