PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
https://splunk.paloaltonetworks.com
ISC License

Logs have only sourcetype of pan:log #323

Open bsanjeeva22 opened 7 months ago

bsanjeeva22 commented 7 months ago

We have integrated PAN sources with Splunk via syslog-ng. Until 01/11/24, the parsing into the sourcetypes pan:traffic, pan:threat, pan:system, and pan:config was working fine. But later, all logs are found under pan_log.

paulmnguyen commented 6 months ago

Was anything changed on the syslog-ng side? Could you please provide a sample of the logs before and after? Please don't include any sensitive data.
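A quick way to compare the "before" and "after" samples requested above, as an added example that is not part of this thread and not code from the Palo Alto Networks App for Splunk. It mirrors the idea behind sourcetype routing (classify each line by the PAN-OS log Type and fall back to the catch-all `pan:log`) and, for every line that falls back, shows the first four fields so you can see what the routing rule actually saw. Assumptions: PAN-OS syslog lines are CSV with the Type (TRAFFIC, THREAT, SYSTEM, CONFIG) in the fourth field after FUTURE_USE, Receive Time and Serial Number; the app's real transforms are not reproduced here. The sample lines are constructed, and the extra leading field in the "after" sample is a hypothetical cause chosen only to reproduce the symptom, not a statement about what happened in this deployment.

```python
"""Classify PAN-OS syslog lines by their Type field and compare two samples.

Added diagnostic for this issue thread; not code from the Palo Alto
Networks App for Splunk. Assumption: PAN-OS CSV logs carry the log Type
in the fourth comma-separated field.
"""
import csv
from collections import Counter

# Type values seen in the fourth field and the sourcetypes named in the thread.
# Anything else stays on the catch-all, which is the symptom being reported.
TYPE_TO_SOURCETYPE = {
    "TRAFFIC": "pan:traffic",
    "THREAT": "pan:threat",
    "SYSTEM": "pan:system",
    "CONFIG": "pan:config",
}
FALLBACK = "pan:log"

# Constructed sample lines (placeholder serial number, RFC 5737 test addresses).
BEFORE = [
    "1,2024/01/10 10:00:00,001234567890,TRAFFIC,end,2049,2024/01/10 10:00:00,192.0.2.10,198.51.100.20",
    "1,2024/01/10 10:00:01,001234567890,THREAT,url,2049,2024/01/10 10:00:01,192.0.2.11,198.51.100.21",
    "1,2024/01/10 10:00:02,001234567890,SYSTEM,general,0,2024/01/10 10:00:02,,,",
    "1,2024/01/10 10:00:03,001234567890,CONFIG,0,0,2024/01/10 10:00:03,192.0.2.5,,",
]
# Hypothetical "after" sample: a relay template has prepended a hostname field,
# so every field shifts right by one and the Type is no longer fourth.
AFTER = [
    "fw01,1,2024/01/12 10:00:00,001234567890,TRAFFIC,end,2049,2024/01/12 10:00:00,192.0.2.10,198.51.100.20",
    "fw01,1,2024/01/12 10:00:01,001234567890,THREAT,url,2049,2024/01/12 10:00:01,192.0.2.11,198.51.100.21",
    "fw01,1,2024/01/12 10:00:02,001234567890,SYSTEM,general,0,2024/01/12 10:00:02,,,",
    "fw01,1,2024/01/12 10:00:03,001234567890,CONFIG,0,0,2024/01/12 10:00:03,192.0.2.5,,",
]


def split_fields(line: str) -> list:
    """Split one PAN-OS line as CSV (values may be quoted, so don't use str.split)."""
    return next(csv.reader([line]))


def classify(line: str) -> str:
    """Return the sourcetype a fourth-field Type rule would assign to this line."""
    fields = split_fields(line)
    if len(fields) < 4:
        return FALLBACK
    return TYPE_TO_SOURCETYPE.get(fields[3].strip().upper(), FALLBACK)


def explain(line: str):
    """Return (sourcetype, first four fields) so a fallback line can be inspected."""
    return classify(line), split_fields(line)[:4]


def summarize(lines) -> Counter:
    """Count lines per sourcetype, skipping blank lines."""
    return Counter(classify(line) for line in lines if line.strip())


def report(label: str, lines) -> list:
    """Build a human-readable comparison report as a list of strings."""
    out = [f"{label}: {dict(summarize(lines))}"]
    for line in lines:
        sourcetype, head = explain(line)
        if sourcetype == FALLBACK:
            out.append(f"  fell back to {FALLBACK}; first four fields: {head}")
    return out


if __name__ == "__main__":
    for row in report("before", BEFORE) + report("after", AFTER):
        print(row)
```

Run it on the real samples by replacing `BEFORE` and `AFTER` with lines read from files; if the "after" report shows a Type value sitting somewhere other than the fourth field, the change is upstream of Splunk (the relay or its template), whereas correctly positioned Type values that still land on `pan:log` point at the Splunk side (props/transforms not being applied to that input).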