Closed by jasonkeller 6 years ago
FYI I have an open case with Palo Alto support, and it appears they are looking into correcting this so they are no longer in violation of RFC 3164 for timestamp formatting.
It took two-plus weeks and pushing through two different engineers, after having provided crystal-clear documentation as to what was wrong and refuting erroneous assertions foisted back at us, but here we are.
The Engineering team has identified a gap in our formatting based on your notes. They are actively researching the correction to the formatting, and any other ramifications that it will cause for other portions of the software.
Update from Palo Alto GTAC:
I was informed that in version 4.1.4, adjustments were made to standardize our CEF logs. No effect to the core code was found with these changes, and implementation has been completed. 4.1.4 should be in QA shortly.
Version 4.1.4+ should now have all requisite fixes and has been released. This can be closed now.
Here is another non-working format that appears to be silently dropped on the floor due to their inclusion of the year in the header...