Sentinel Palo Alto firewall integration

Hi Everyone,

I'm trying to integrate a Palo Alto firewall with Sentinel. I'm getting the logs on the CEF collector machine, but they are not reflected in Sentinel. I have tried the troubleshooting steps below:

1) The facility and log format are verified and are set to LOG_USER and CEF respectively

2) Updated the config file to include the keyword from Palo Alto to send it to port 25226 of the agent (restarted rsyslog and the agent after that)

3) Added the user facility in the Log Analytics workspace

Note: I'm using the same server to bring in logs from other sources, and they are working fine.

0 Replies