Since the other person didn't reply, i'm going to piggy back off this! I'm getting the same error when sending Palo Alto logs to my NXLog v5 environment. On Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space:" " (that's my only option)
2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (34.67.106.77), is input really binary?
Comments (2)
Hello Sir,
Please can you share the configuration you are using?
Sincerely
Klevin
Since the other person didn't reply, i'm going to piggy back off this! I'm getting the same error when sending Palo Alto logs to my NXLog v5 environment. On Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space:" " (that's my only option)
2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (34.67.106.77), is input really binary?
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension cef>
Module xm_cef
</Extension>
<Extension syslog>
Module xm_syslog
</Extension>
<Input ssl>
Module im_ssl
ListenAddr 0.0.0.0:16514
CAFile %CERTDIR%/datalake.cert
CertFile %CERTDIR%/plzwork.crt
CertKeyFile %CERTDIR%/plzwork.key
# KeyPass secret
InputType Binary
</Input>
<Input udp_input>
Module im_udp
ListenAddr 0.0.0.0:16514
Exec parse_syslog(); parse_cef($Message);
</Input>
<Output udp_output>
Module om_udp
Host 127.0.0.1
Port 16515
Exec $Message = to_cef(); to_syslog_bsd();
</Output>
<Route 1>
Path ssl => udp_input => udp_output
</Route>
Thank you!!