Issue
After following the configuration for the Palo Alto PAN-OS integration, we are unable to see any alerts coming in.
Environment
Red Canary
Resolution
The Syslog Server Profile must use the SSL transport (syslog over TLS on TCP) so the firewall can complete the TLS handshake with the Red Canary collector. Once the handshake completes, the alerts will populate in Red Canary.
In Palo Alto PAN-OS, go to Server Profiles > Syslog, review the Transport protocol of the profile, and switch it from TCP to SSL. Check that the port number matches the port provided by Red Canary for your syslog feed; in most cases it will be port 514.
Before the change: Transport set to TCP.
After the change: Transport set to SSL.
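As an added check (not from Red Canary or Palo Alto documentation), this Python script probes a syslog receiver from an admin host and reports whether it accepts a plain TCP connection and whether a TLS handshake completes, which tells you which Transport value the profile needs. The host and port are placeholders, and the local plaintext listener is a constructed stand-in for a receiver that does not speak TLS.

```python
import socket
import ssl
import threading


def check_syslog_transport(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect to a syslog receiver and report whether plain TCP and a TLS
    handshake succeed. A TLS-only receiver accepts the TCP connection but
    never completes the exchange with a plaintext sender, which is the
    'no alerts arriving' symptom described above."""
    result = {"tcp": False, "tls": False, "detail": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            result["tcp"] = True  # TCP connected; now try to negotiate TLS
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["tls"] = True
                result["detail"] = f"handshake ok, {tls.version()}"
    except ssl.SSLError as exc:
        result["detail"] = f"TLS handshake failed: {exc}"
    except OSError as exc:
        result["detail"] = f"connect or handshake failed: {exc}"
    return result


def recommend_transport(result: dict) -> str:
    """Map the probe result to the Transport value for the Syslog Server Profile."""
    if result["tls"]:
        return "SSL"
    if result["tcp"]:
        return "TCP"  # receiver answered on TCP but did not negotiate TLS
    return "unreachable"


def start_plaintext_stub() -> int:
    """Constructed stand-in for a receiver that does NOT speak TLS: accepts one
    TCP connection and closes it. Returns the local port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Replace with the syslog host and port provided by Red Canary (placeholders).
    probe = check_syslog_transport("127.0.0.1", start_plaintext_stub())
    print(probe, "->", recommend_transport(probe))
```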
Cause
The wrong transport protocol (TCP instead of SSL) was used for the syslog traffic.