Panos devices can send logs in RFC5424 (newer syslog) format, but the module is hardcoded to rfc3164 (older syslog).
Currently the only workaround is to edit the module/panw/panos/config/input.yml file and enable the new RFC with the format config option for syslog input (added by #23954):
type: syslog
+ format: 5424
protocol.udp:
host: "{{.syslog_host}}:{{.syslog_port}}"
We should expose this configuration via a module setting or update the panw module to do its own syslog parsing supporting both RFCs.
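A sketch of how a parser could support both RFCs by inspecting the header, as an added example that is not part of the original issue and not code from the Beats project. The names `Format` and `DetectFormat` are hypothetical, and the sample lines are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Format names the syslog framing detected on a raw line.
type Format string

const (
	RFC3164 Format = "rfc3164"
	RFC5424 Format = "rfc5424"
	Unknown Format = "unknown"
)

// DetectFormat (hypothetical helper) looks only at the header: "<PRI>" then
// VERSION and a space is RFC 5424; anything else after "<PRI>" is RFC 3164.
func DetectFormat(line string) Format {
	end := strings.IndexByte(line, '>')
	if !strings.HasPrefix(line, "<") || end < 2 || end > 4 {
		return Unknown // PRI must be 1 to 3 characters inside <>
	}
	for _, c := range line[1:end] {
		if c < '0' || c > '9' {
			return Unknown
		}
	}
	rest := line[end+1:]
	// RFC 5424 VERSION: non-zero digit, at most two more digits, then SP.
	i := 0
	for i < len(rest) && i < 3 && rest[i] >= '0' && rest[i] <= '9' {
		i++
	}
	if i > 0 && rest[0] != '0' && i < len(rest) && rest[i] == ' ' {
		return RFC5424
	}
	return RFC3164
}

func main() {
	// Constructed sample lines, not captured from a real device.
	samples := []string{
		"<14>Jun 28 10:15:02 fw01 1,2021/06/28 10:15:02,TRAFFIC",
		"<14>1 2021-06-28T10:15:02Z fw01 - - - - 1,2021/06/28 10:15:02,TRAFFIC",
	}
	for _, s := range samples {
		fmt.Println(DetectFormat(s), s)
	}
}
```

A line that carries an ISO 8601 timestamp directly after the PRI, with no version field, is still classified as RFC 3164, because the digits are not followed by a space within the three-digit VERSION limit.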