
I'm receiving this error when sending Palo Alto logs to my NXLog v5 environment. On the Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space: " " (that's my only option).

2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (34.67.106.77), is input really binary?

Any ideas?

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension cef>
Module xm_cef
</Extension>

<Extension syslog>
Module xm_syslog
</Extension>

<Input ssl>
Module im_ssl
ListenAddr 0.0.0.0:16514
CAFile %CERTDIR%/datalake.cert
CertFile %CERTDIR%/plzwork.crt
CertKeyFile %CERTDIR%/plzwork.key
# KeyPass secret
InputType Binary
</Input>

<Input udp_input>
Module im_udp
ListenAddr 0.0.0.0:16514
Exec parse_syslog(); parse_cef($Message);
</Input>

<Output udp_output>
Module om_udp
Host 127.0.0.1
Port 16515
Exec $Message = to_cef(); to_syslog_bsd();
</Output>

<Route 1>
Path ssl => udp_input => udp_output
</Route>

Thank you!!

Asked July 2, 2022 - 12:28am

Answers (0)
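
An added example, not part of the original post: the posted configuration with the TLS listener's input type and the route corrected. `InputType Binary` selects NXLog's own agent-to-agent format, so text CEF/syslog from a third-party sender fails the binary-header check reported in the error. It assumes the sender uses RFC 5425 octet-counted framing (`Syslog_TLS`, provided by xm_syslog); paths, ports and certificate file names are the ones from the question.

```conf
# Added example (not the poster's config): same paths and ports as the question.
define ROOT    C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension cef>
    Module      xm_cef
</Extension>

<Extension syslog>
    Module      xm_syslog
</Extension>

<Input ssl>
    Module      im_ssl
    ListenAddr  0.0.0.0:16514
    CAFile      %CERTDIR%/datalake.cert
    CertFile    %CERTDIR%/plzwork.crt
    CertKeyFile %CERTDIR%/plzwork.key
    # Before: InputType Binary
    # Binary is NXLog's internal transfer format; text syslog has no binary
    # header, hence "binary header not found at position 0".
    # Assumption: the sender uses RFC 5425 octet-counted framing. Use
    # LineBased instead if each message is terminated by a newline.
    InputType   Syslog_TLS
    # Parsing runs on the instance that actually receives the data.
    Exec        parse_syslog(); parse_cef($Message);
</Input>

<Output udp_output>
    Module      om_udp
    Host        127.0.0.1
    Port        16515
    Exec        $Message = to_cef(); to_syslog_bsd();
</Output>

<Route 1>
    # A route is input => [processor =>] output; an input module
    # such as im_udp cannot sit in the middle of the path.
    Path        ssl => udp_output
</Route>
```

If records still fail to parse after this change, the `LogFile` defined above will show whether the problem is the framing (`InputType`) or the TLS handshake with the certificates in `CERTDIR`.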