I'm having issues with getting the Palo Alto plugins to trigger for syslog data against OSSIM.
We have the following configured.
- Syslog on Palo Alto sending BSD format and facility field local7
- Sensor configured with syslog and Palo Alto plugins enabled
- Firewalls added as assets
- Test firewall rules on Palo to trigger on web traffic from a single endpoint and log that traffic to syslog
I can see the syslog traffic being received against the device asset, but I cannot see the plugins triggering to convert it into traffic events from the firewall.
Anyone know what I'm doing wrong?
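A quick sanity check that is worth running on the raw lines the sensor actually receives before digging into plugin configuration: OSSIM plugins are regex-driven, so if the syslog header format or the facility/PRI value differs from what the plugin expects, nothing fires even though the line is visible against the asset. The script below is an added example, not the poster's configuration and not AlienVault's own plugin code; the BSD header regex, the Palo Alto CSV field positions and the three sample log lines are all assumptions constructed for illustration. It classifies each line as matching, wrong facility, or not BSD-format at all.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss host message
# This is a hypothetical pattern, not the regex from OSSIM's paloalto plugin.
BSD_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

# Syslog facility codes (PRI // 8); local0..local7 are 16..23.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
                  5: "syslog", 6: "lpr", 7: "news"}
FACILITY_NAMES.update({16 + i: f"local{i}" for i in range(8)})

# Assumed column positions in the comma-separated PAN-OS body of the
# constructed samples below (type, source IP, destination IP).
PAN_TYPE_IDX = 3
PAN_SRC_IDX = 7
PAN_DST_IDX = 8


@dataclass
class PanSyslog:
    facility: str
    severity: int
    host: str
    log_type: str
    src: str
    dst: str


def parse_pri(pri: int):
    """Split a syslog PRI into (facility, severity)."""
    return pri // 8, pri % 8


def parse_line(line: str) -> Optional[PanSyslog]:
    """Return the parsed record, or None if the line is not BSD syslog
    carrying a comma-separated PAN-OS body with enough fields."""
    m = BSD_HEADER.match(line)
    if not m:
        return None
    fac, sev = parse_pri(int(m.group("pri")))
    fields = m.group("msg").split(",")
    if len(fields) <= PAN_DST_IDX:
        return None
    return PanSyslog(FACILITY_NAMES.get(fac, str(fac)), sev, m.group("host"),
                     fields[PAN_TYPE_IDX], fields[PAN_SRC_IDX], fields[PAN_DST_IDX])


def diagnose(line: str, expected_facility: str = "local7",
             expected_type: str = "TRAFFIC") -> str:
    """Explain why a line would or would not be picked up by a plugin that
    expects BSD format, the given facility and the given PAN-OS log type."""
    parsed = parse_line(line)
    if parsed is None:
        return "no-match: not a BSD syslog header with a PAN-OS CSV body"
    if parsed.facility != expected_facility:
        return f"facility-mismatch: got {parsed.facility}"
    if parsed.log_type != expected_type:
        return f"type-mismatch: got {parsed.log_type}"
    return "ok"


# Constructed sample lines (not captured from a real firewall).
PAN_BODY = ("1,2013/01/10 12:34:56,001606001116,TRAFFIC,end,1,"
            "2013/01/10 12:34:55,10.0.1.5,93.184.216.34,0.0.0.0,0.0.0.0,"
            "allow-web,,,web-browsing,vsys1")
SAMPLE_OK = "<190>Jan 10 12:34:56 PA-FW " + PAN_BODY            # local7.info
SAMPLE_WRONG_FACILITY = "<14>Jan 10 12:34:56 PA-FW " + PAN_BODY  # user.info
SAMPLE_IETF = "<190>1 2013-01-10T12:34:56Z PA-FW - - - - " + PAN_BODY  # RFC 5424

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_WRONG_FACILITY, SAMPLE_IETF):
        print(diagnose(sample), "<-", sample[:40])
```

Feed it the exact lines from the sensor's syslog capture (for example from the file your rsyslog/syslog-ng rule writes for the firewall asset) rather than lines copied from the Palo Alto GUI, since the header the sensor sees is what the plugin regex runs against.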