[im_ssl|ssl] binary header not found at position 0 in data received

gmalis

I'm receiving this error when sending Palo Alto logs to my NXLog v5 environment. On the Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space:" " (that's my only option).

2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (34.67.106.77), is input really binary?

Any ideas??

```
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension cef>
    Module xm_cef
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input ssl>
    Module im_ssl
    ListenAddr 0.0.0.0:16514
    CAFile %CERTDIR%/datalake.cert
    CertFile %CERTDIR%/plzwork.crt
    CertKeyFile %CERTDIR%/plzwork.key

    KeyPass secret

    InputType Binary
</Input>

<Input udp_input>
    Module im_udp
    ListenAddr 0.0.0.0:16514
    Exec parse_syslog(); parse_cef($Message);
</Input>

<Output udp_output>
    Module om_udp
    Host 127.0.0.1
    Port 16515
    Exec $Message = to_cef(); to_syslog_bsd();
</Output>

<Route 1>
    Path ssl => udp_input => udp_output
</Route>
```

Thank you!!