SC4S - Palo Alto PANOS Log Type Port Question #2792
Unanswered
Optumize13 asked this question in Q&A
Replies: 0 comments
SC4S Newbie here.
Why are IETF framed logs specifically bound to port 601? The documentation contradicts itself, unless I'm reading it wrong.
Per documentation:
IMPORTANT IETF Framed syslog must use port 601
https://splunk.github.io/splunk-connect-for-syslog/main/sources/vendor/PaloaltoNetworks/panos/
ALSO in the documentation:
SC4S_LISTEN_PULSE_PAN_PANOS_RFC6587_PORT | empty string | Enable a TCP using IETF Framing (RFC6587) port for this specific vendor product using a comma-separated list of port numbers
When I tried to enable this option (TCP-1601), it didn't work until I switched the port back to 601.
It is a security no-no for our environment to use root level ports (<1024). Security prefers us to use ports above 1024.