I am not able to see the logs forwarded from the PaloAlto in the sentinel in the AUX Table format.
I am using Cribl to be able to send Palo Alto syslogs to a custom AUX table in Sentinel.I have configured the port for ingesting Syslog. The private IP address of the VM hosting Cribl is also set. Source is the syslog and the destination is the sentinel. Express route is taken to go to Routing and QuickConnect .
The logs are forwarded from the PaloAlto firewall. But I am not able to filter them out in the AUX table in the sentinel.
Although if I SSH into Cribl box and simulate some CEF over Syslog traffic with Logger, I am able to see it in the sentinel.
I want to see the logs that is being forwarded from the PaloAlto Firewall.
Use Cribl to ingest Firewall logs into Sentinel Auxiliary Logs tier | LinkedIn
I have used this document for the setup.