Seeing CEF messages in Syslog

I have noticed that there are certain Palo Alto messages showing up in our Syslog table rather than the CommonSecurityLog. Not really sure why this would be happening as we are not sending any PA data to Syslog directly.

Anyone run into this before and have any ideas how to resolve it?

1 Reply
It appears this was due to the sending system incorrectly configuring some of the messages it was sending.
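
One way to find which messages a sender is formatting incorrectly, as an added example that is not part of the thread: check each raw syslog line against the CEF header layout (`CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|Extension`). The sample lines are constructed, and the thread does not say which formatting error was involved, so the failure cases shown are assumptions.

```python
import re

HEADER_FIELDS = 7  # Version|Vendor|Product|DeviceVersion|EventClassID|Name|Severity|
SEVERITY_WORDS = {"Unknown", "Low", "Medium", "High", "Very-High"}

def split_header(body):
    """Split the text after 'CEF:' into header fields, honouring backslash escapes."""
    fields, cur, i = [], "", 0
    while i < len(body) and len(fields) < HEADER_FIELDS:
        if body[i] == "\\" and i + 1 < len(body):
            cur, i = cur + body[i:i + 2], i + 2  # escaped char stays in the field
        elif body[i] == "|":
            fields.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + body[i], i + 1
    return fields  # only pipe-terminated fields are counted

def check_cef(line):
    """Return the problems found in a raw syslog line's CEF header ([] = well-formed)."""
    pos = line.find("CEF:")
    if pos == -1:
        if re.search(r"cef\s*:", line, re.IGNORECASE):
            return ["CEF prefix has wrong case or spacing"]
        return ["no CEF prefix"]
    fields = split_header(line[pos + 4:])
    if len(fields) < HEADER_FIELDS:
        return [f"only {len(fields)} of {HEADER_FIELDS} pipe-terminated header fields"]
    problems = []
    if not fields[0].isdigit():
        problems.append(f"non-numeric CEF version {fields[0]!r}")
    for name, value in zip(("vendor", "product"), fields[1:3]):
        if not value.strip():
            problems.append(f"empty device {name}")
    sev = fields[6]
    if not (sev in SEVERITY_WORDS or re.fullmatch(r"10|[0-9]", sev)):
        problems.append(f"invalid severity {sev!r}")
    return problems

# Constructed sample lines (not taken from the thread or from a real device).
SAMPLES = [
    "<14>Sep 10 12:00:01 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.0.0|end|TRAFFIC|1|src=10.0.0.5 dst=192.0.2.10",
    "<14>Sep 10 12:00:02 fw01 cef:0|Palo Alto Networks|PAN-OS|10.0.0|end|TRAFFIC|1|src=10.0.0.5",
    "<14>Sep 10 12:00:03 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.0.0|url|allow|web|3|src=10.0.0.5",
    "<14>Sep 10 12:00:04 fw01 CEF:0|Palo Alto Networks|PAN-OS|general|SYSTEM|3",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_cef(line) or "ok", "<-", line)
```

Running it over a capture of what the collector receives shows which sender templates produce lines that fail the header check.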