Multibyte syslog forwarding

Multibyte syslog forwarding

8440
Created On 06/19/19 08:28 AM - Last Modified 11/19/19 05:14 AM


Symptom


Firewall replaces multibyte characters with a period character (.) when forwarding logs to a syslog server.
For example)
==== FW log ====
"あいうえお_かきくけこ.exe" (Japanese File Name)

==== Syslog server log ====
"..............._................exe"
 

Environment


- Forwarding syslog which contains multibyte character to syslog server from FW.

Cause


By default, the characters in the logs which is not ascii will be converted '.' when exported.

Resolution


<All version PAN-OS>
1. Log in to FW via CLI and execute this command.
> debug log-output-need-utf8 yes

2. Restart system or processes (mgmtsrvr and logrcvr).
> request restart system
or
> debug software restart process management-server
> debug software restart process log-receiver


<PAN-OS 9.0.0 or later>
1. Log in to FW via GUI and access to this following.
Device > Setup > Management > Logging and Reporting Settings > Log Export and Reporting

2. Check the box of "Support UTF-8 For Log Output" and click "OK"
User-added image

3. Commit
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMAuCAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail