I'm receiving this error when sending Palo Alto logs to my NXLog v5 environment. On the Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space: " " (that's my only option).

2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (, is input really binary?

Any ideas??

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension cef>
    Module xm_cef
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input ssl>
    Module im_ssl
    CAFile %CERTDIR%/datalake.cert
    CertFile %CERTDIR%/plzwork.crt
    CertKeyFile %CERTDIR%/plzwork.key
    # KeyPass secret
    InputType Binary
</Input>

<Input udp_input>
    Module im_udp
    Exec parse_syslog(); parse_cef($Message);
</Input>

<Output udp_output>
    Module om_udp
    Port 16515
    Exec $Message = to_cef(); to_syslog_bsd();
</Output>

<Route 1>
    Path ssl => udp_input => udp_output
</Route>

Thank you!!

Asked July 2, 2022 - 12:28am
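
An added example, not part of the original post and not taken from NXLog or Palo Alto documentation: the error text points at `InputType Binary`, which makes im_ssl expect NXLog's own binary record format instead of text syslog/CEF, and a route path runs from an input instance to an output instance, so a second input cannot sit in the middle of it. The variant below assumes the sender transmits newline-terminated syslog lines; the listen address, port 6514 and the destination 192.0.2.10 are placeholders.

```conf
define ROOT    C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert

<Extension cef>
    Module      xm_cef
</Extension>

<Extension syslog>
    Module      xm_syslog
</Extension>

<Input ssl>
    Module      im_ssl
    # Placeholder listen address and port (assumption, not from the post).
    ListenAddr  0.0.0.0:6514
    CAFile      %CERTDIR%/datalake.cert
    CertFile    %CERTDIR%/plzwork.crt
    CertKeyFile %CERTDIR%/plzwork.key
    # Text syslog, one record per line. "Binary" is only for NXLog-to-NXLog
    # transfers. If the sender uses RFC 5425 octet-counted framing, use
    # xm_syslog's Syslog_TLS input type here instead of LineBased.
    InputType   LineBased
    # Parse on the receiving instance: syslog envelope first, then the CEF body.
    Exec        parse_syslog(); parse_cef($Message);
</Input>

<Output udp_output>
    Module      om_udp
    # Placeholder destination (documentation address range).
    Host        192.0.2.10
    Port        16515
    Exec        $Message = to_cef(); to_syslog_bsd();
</Output>

<Route 1>
    # One input, one output; no input instance in the middle of the path.
    Path        ssl => udp_output
</Route>
```

After restarting the service, the "binary header not found" line should no longer appear in nxlog.log; a TLS handshake or certificate error at that point would be a separate problem from the framing one.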

Answers (0)