2
responses

Hi,

We have this error

ERROR binary header not found at position 0 in data received from xxx.xxx.xxx.xxx is input really binary?

Any hint will be appreciated.

Regards,
K

AskedMay 2, 2022 - 1:57pm

Comments (2)

  • gmalis's picture

    Since the other person didn't reply, i'm going to piggy back off this! I'm getting the same error when sending Palo Alto logs to my NXLog v5 environment. On Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space:" " (that's my only option)

    2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (34.67.106.77), is input really binary?

    #define ROOT C:\Program Files\nxlog
    define ROOT C:\Program Files\nxlog
    define CERTDIR C:\Program Files\nxlog\cert

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log

    <Extension cef>
    Module xm_cef
    </Extension>

    <Extension syslog>
    Module xm_syslog
    </Extension>

    <Input ssl>
    Module im_ssl
    ListenAddr 0.0.0.0:16514
    CAFile %CERTDIR%/datalake.cert
    CertFile %CERTDIR%/plzwork.crt
    CertKeyFile %CERTDIR%/plzwork.key
    # KeyPass secret
    InputType Binary
    </Input>

    <Input udp_input>
    Module im_udp
    ListenAddr 0.0.0.0:16514
    Exec parse_syslog(); parse_cef($Message);
    </Input>

    <Output udp_output>
    Module om_udp
    Host 127.0.0.1
    Port 16515
    Exec $Message = to_cef(); to_syslog_bsd();
    </Output>

    <Route 1>
    Path ssl => udp_input => udp_output
    </Route>

    Thank you!!

Answers (0)