Issue getting logs to flow into Kibana (Windows OS)

Cannot seem to get syslogs to flow from our vPAN Palo appliance to Kibana.

I verified the logs were indeed being sent from our appliance to the OS using Kiwi Syslog.

Have completed the following steps... What am I missing?

  • Installed elasticsearch
  • Installed kibana
  • Installed elasticagent
  • Configured agent and kibana yml files
  • Added modules for panw and system
  • Setup integration in Kibana

Also, if you have any good knowledgebase or training sites you used to get up to speed, please advise.

Thanks in advance.

Hi @w0mbat welcome to the community.

Ok you did all those steps but did you validate along the way?

  • Installed elasticsearch
  • Installed kibana

Did you validate elasticsearch and kibana are up and running? If so, how?

  • Installed elasticagent

How did you install? Standalone or Fleet Managed? Did you validate that the agent is actually working and sending telemetry using the basic file or system metrics?

  • Configured agent and kibana yml files

What exactly did you configure?

  • Added modules for panw and system
  • Setup integration in Kibana

Seems out of order ... Load the Integration and Assets in Kibana first, then create the standalone agent manifest, then deploy and install the agent.

In general it looks like you are doing many of the right things, but we won't be able to help debug without details, logs, errors, etc.
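
One way to validate each stage the reply asks about, as an added example that is not part of either post. It runs from an elevated PowerShell prompt on the Windows host; the ports, the agent install path, and the `logs-panw.panos-*` data stream pattern are assumptions to adjust for your setup.

```powershell
# Added example. Assumptions (not from the thread): default ports 9200/5601,
# syslog input on UDP 514, data stream pattern logs-panw.panos-*, default agent
# install path, and an Elasticsearch certificate this host already trusts.
param(
    [string]$EsUrl      = 'https://localhost:9200',
    [int]   $KibanaPort = 5601,
    [int]   $SyslogPort = 514,
    [string]$AgentExe   = 'C:\Program Files\Elastic\Agent\elastic-agent.exe'
)
$cred = Get-Credential -Message 'Elasticsearch user with read access'

# Run one check; a thrown error marks the stage as failed and keeps its message.
function Test-Stage([string]$Name, [scriptblock]$Check) {
    try {
        $detail = & $Check
        [pscustomobject]@{ Stage = $Name; Ok = $true; Detail = "$detail" }
    } catch {
        [pscustomobject]@{ Stage = $Name; Ok = $false; Detail = $_.Exception.Message }
    }
}

$results = @(
    Test-Stage 'Elasticsearch responding' {
        $h = Invoke-RestMethod -Uri "$EsUrl/_cluster/health" -Credential $cred
        if ($h.status -eq 'red') { throw 'cluster status is red' }
        "status=$($h.status)"
    }
    Test-Stage 'Kibana port open' {
        $t = Test-NetConnection -ComputerName localhost -Port $KibanaPort -WarningAction SilentlyContinue
        if (-not $t.TcpTestSucceeded) { throw "nothing listening on TCP $KibanaPort" }
        "TCP $KibanaPort open"
    }
    Test-Stage 'Agent status' {
        $out = & $AgentExe status 2>&1
        if ($LASTEXITCODE -ne 0) { throw "elastic-agent status exited $LASTEXITCODE" }
        $out | Select-Object -First 1
    }
    Test-Stage 'Syslog listener owner' {
        # Shows which process holds the UDP port the firewall sends to.
        $e = Get-NetUDPEndpoint -LocalPort $SyslogPort -ErrorAction Stop | Select-Object -First 1
        $p = Get-Process -Id $e.OwningProcess -ErrorAction Stop
        "UDP $SyslogPort owned by $($p.ProcessName) (pid $($p.Id))"
    }
    Test-Stage 'PAN-OS documents indexed' {
        $c = Invoke-RestMethod -Uri "$EsUrl/logs-panw.panos-*/_count" -Credential $cred
        if ($c.count -eq 0) { throw 'no documents in logs-panw.panos-*' }
        "count=$($c.count)"
    }
)
$results | Format-Table -AutoSize -Wrap
```

The first stage reporting `Ok = False` is the place to start collecting the details, logs and errors the reply asks for.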
