I'm receiving this error when sending Palo Alto logs to my NXLog v5 environment. On the Palo Alto side, I have selected CEF format, and the Delimiter field is set to Space:" " (that's my only option).
2022-07-01 18:18:48 ERROR [im_ssl|ssl] binary header not found at position 0 in data received from logforwarding.us.cdl.paloaltonetworks.com (34.67.106.77), is input really binary?
Any ideas??
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files\nxlog
define CERTDIR C:\Program Files\nxlog\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension cef>
    Module xm_cef
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input ssl>
    Module im_ssl
    ListenAddr 0.0.0.0:16514
    CAFile %CERTDIR%/datalake.cert
    CertFile %CERTDIR%/plzwork.crt
    CertKeyFile %CERTDIR%/plzwork.key
    # KeyPass secret
    InputType Binary
</Input>

<Input udp_input>
    Module im_udp
    ListenAddr 0.0.0.0:16514
    Exec parse_syslog(); parse_cef($Message);
</Input>

<Output udp_output>
    Module om_udp
    Host 127.0.0.1
    Port 16515
    Exec $Message = to_cef(); to_syslog_bsd();
</Output>

<Route 1>
    Path ssl => udp_input => udp_output
</Route>
Thank you!!