Good day all.
I have a question about the Palo Alto Next-Gen Firewall integration. It has two input types, TCP and UDP. We have a client that wanted to move from the UDP to the TCP/SSL connection for security, so we did that.
We were getting UDP logs fine; however, once we switched over to TCP, we started getting grok pattern errors in the logs.
Ex:
error.message: [syslog failed to process field "message": parsing error at position 1: unexpected EOF, Provided Grok expressions do not match field value: [�� 93�>] grok]
event.original: �� 93�>
The strange thing is that we are using the out-of-the-box integration, have made no changes to it at all, and the UDP portion was fine. It MAY be that because the client activated SSL, it's encrypting the message data, but we're not sure. We have not configured SSL on the integration side, as we believed that we did not need that, but that can be adjusted if it's actually required.
Let me know if this has been seen before and some help can be provided.
Thanks!
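One way to check the hypothesis in the post (sender speaks TLS, listener expects plain TCP syslog) is to look at the first bytes the listener receives: a TLS record starts with a content-type byte, a 0x03 version major byte and a two-byte length, whereas a syslog line starts with a PRI field. The following is an added diagnostic example, not code from the original post or from the Elastic/Palo Alto integration; the sample byte strings are constructed, and the classification rules are based on the TLS record header (RFC 8446) and syslog framing (RFC 5424/6587).

```python
import re

# Constructed sample inputs (not taken from the original post).
# What a plain TCP syslog listener sees when the sender starts a TLS handshake:
# record header (type 0x16 handshake, version 3.1, length 0x007a) + ClientHello start.
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("160301007a010000760303")
# A newline-framed RFC 5424 line and an octet-counted (RFC 6587) line.
SYSLOG_LINE = b"<14>1 2024-01-01T00:00:00Z pa-fw-1 - - - - 1,2024/01/01 00:00:00,TRAFFIC,end\n"
OCTET_COUNTED = b"85 <14>1 2024-01-01T00:00:00Z pa-fw-1 - - - - 1,2024/01/01 00:00:00,TRAFFIC,end"

TLS_CONTENT_TYPES = {
    0x14: "change_cipher_spec",
    0x15: "alert",
    0x16: "handshake",
    0x17: "application_data",
}
# Optional "<octet count><space>" prefix, then the syslog PRI field "<N>".
SYSLOG_RE = re.compile(rb"^(\d+ )?<\d{1,3}>")


def classify_stream_prefix(data: bytes) -> dict:
    """Label the first bytes received on a TCP log listener.

    Returns {"kind": "tls-record", ...} when the bytes form a TLS record header
    (the sender is speaking TLS to a plain-TCP input), {"kind": "syslog", ...}
    when they start a syslog message, or {"kind": "unknown"} otherwise.
    """
    if (len(data) >= 5 and data[0] in TLS_CONTENT_TYPES
            and data[1] == 0x03 and data[2] <= 0x04):
        record_length = int.from_bytes(data[3:5], "big")
        return {
            "kind": "tls-record",
            "content_type": TLS_CONTENT_TYPES[data[0]],
            "version": f"{data[1]}.{data[2]}",
            "record_length": record_length,
        }
    if SYSLOG_RE.match(data):
        framing = "octet-counted" if data[:1].isdigit() else "newline"
        return {"kind": "syslog", "framing": framing}
    return {"kind": "unknown"}


if __name__ == "__main__":
    for sample in (TLS_CLIENT_HELLO_PREFIX, SYSLOG_LINE, OCTET_COUNTED):
        print(classify_stream_prefix(sample))
```

Feed the function the raw bytes from a packet capture or from event.original on the failing events: a "tls-record" result means the listener must be configured for TLS (or the sender set back to plain TCP) before any grok pattern can apply.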