Graylog2 / graylog-plugin-integrations

A collection of open source Graylog integrations that will be released together.

Palo Alto Networks Firewall TCP (PAN-OS v9+) input parse error #956

Open qaxi opened 2 years ago

qaxi commented 2 years ago

Expected Behavior

field pan_source_user contains date 2021-12-29 08:06:50.775 +00:00

Current Behavior

field pan_source_user should contain username

Possible Solution

Take a look at https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/user-id-log-fields.html#id23f3cbfb-946f-423f-bc48-50fdc2b68238

Steps to Reproduce (for bugs)

  1. Use Graylog 4.2.4+b643d2b on f687edde0f02 (Oracle Corporation 1.8.0_312 on Linux 5.4.0-53-generic)
  2. and Palo Alto Firewall 10.0.8
  3. create Palo Alto Networks Firewall TCP (PAN-OS v9+) input


bernd commented 2 years ago

FYI: I moved this from the server repository.