Palo Alto collector signature for SSIM

Created: 26 Sep 2012 • Updated: 27 Sep 2012 | 4 comments
Pen
This issue has been solved. See solution.

Hi,

I installed the Palo Alto event collector and want Syslog Director to send Palo Alto logs to the Palo Alto collectors, but I couldn't find the collector signature in the collector package. It should be in the utils folder of the collector package, but there is no utils folder in the package. I used the Palo_Alto_Firewall_Event_Collector_4.4.4_AllWinAllLinux_EN.zip package. Without the collector signature, all Palo Alto logs are sent to the Generic Syslog event collector.

Umit

Laurent_c

After you run LiveUpdate on the collector machine, is there an XML file downloaded in the utils folder?

Pen

I installed the Palo Alto collector on Information Manager, so no utils folder exists.

Laurent_c

Are you sure?

Just testing on my SSIM:

[root@atr-ses-9650 utils]# pwd
/opt/Symantec/sesa/Agent/collectors/panfw/utils
[root@atr-ses-9650 utils]# ls -l
total 4
-rw-rw-r--  1 sesuser ses 198 Apr  2 08:47 panfwmatch.xml
[root@atr-ses-9650 utils]#
 

I have the XML there to be imported.

You can copy or paste the content:

[root@atr-ses-9650 utils]# cat panfwmatch.xml
<CollectorSignatures>
 <Collector>
    <ID>3525</ID>
    <Default>TRAFFIC,THREAT,CONFIG,SYSTEM</Default>
    <Custom>TRAFFIC,THREAT,CONFIG,SYSTEM</Custom>
  </Collector>
</CollectorSignatures>

 

Then use it to import or do it manually.

SOLUTION
Pen

Hi,

After running LiveUpdate, it was fixed. Now I can get Palo Alto logs without a problem. Thank you for your help.

Umit
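
An added illustration (not part of the original thread and not Symantec code) of why the missing signature sent everything to the Generic Syslog collector: it parses the panfwmatch.xml content posted above and routes constructed syslog lines with and without it. The substring matching rule, the preference for Custom over Default, the `generic-syslog` label and the sample lines are assumptions.

```python
import xml.etree.ElementTree as ET

# Signature file content as posted in the thread (panfwmatch.xml).
PANFW_MATCH_XML = """<CollectorSignatures>
 <Collector>
    <ID>3525</ID>
    <Default>TRAFFIC,THREAT,CONFIG,SYSTEM</Default>
    <Custom>TRAFFIC,THREAT,CONFIG,SYSTEM</Custom>
  </Collector>
</CollectorSignatures>"""

GENERIC = "generic-syslog"  # placeholder label for the fallback collector


def load_signatures(xml_text):
    """Return {collector_id: [signature, ...]}; Custom preferred over Default (assumed)."""
    table = {}
    for coll in ET.fromstring(xml_text).findall("Collector"):
        cid = (coll.findtext("ID") or "").strip()
        if not cid:
            raise ValueError("Collector entry without <ID>")
        raw = coll.findtext("Custom") or coll.findtext("Default") or ""
        sigs = [s.strip() for s in raw.split(",") if s.strip()]
        if not sigs:
            raise ValueError(f"Collector {cid} has no signatures")
        table[cid] = sigs
    return table


def route(line, table):
    """Assumed rule: first collector with a signature found as a substring wins."""
    for cid, sigs in table.items():
        if any(sig in line for sig in sigs):
            return cid
    return GENERIC


# Constructed sample syslog lines (not captured from a real device).
SAMPLES = [
    "<14>Sep 26 10:01:02 pa-fw1 1,2012/09/26 10:01:02,0001,TRAFFIC,end,...",
    "<14>Sep 26 10:01:05 pa-fw1 1,2012/09/26 10:01:05,0001,THREAT,url,...",
    "<30>Sep 26 10:01:09 mailhost postfix/smtpd[411]: connect from unknown",
]

if __name__ == "__main__":
    with_sig = load_signatures(PANFW_MATCH_XML)
    for line in SAMPLES:  # columns: with signature, without signature, line
        print(route(line, with_sig), "<-", route(line, {}), "|", line[:50])
```

With an empty signature table, which models the state before LiveUpdate delivered the file, every sample line falls through to the generic label.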