Palo Alto unknown-udp issue for Syslog Traffic

I ran across an issue where a Cisco VCSE device was set up by another engineer but the Palo Alto FW kept seeing the syslog traffic come across as “unknown-udp”. The issue was that the Cisco device was set up for “Legacy BSD format”. The correct setting is “IETF syslog format”. Just keep an eye on this for this device and other devices.

Here’s the Palo Alto showing the unknown for UDP and then identifying correctly after the change on the Cisco device:
[Screenshot: PA_Unknown]

Here’s the setting on the Cisco device:
[Screenshot: VCSE_Syslog_Setting]
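The difference the firewall is reacting to is on the wire: a legacy BSD (RFC 3164) message starts `<PRI>Mmm dd hh:mm:ss host …`, while an IETF (RFC 5424) message starts `<PRI>1 <ISO-8601 timestamp> host app procid msgid structured-data …`. The Python below is an added example, not code from the original post and not Palo Alto's App-ID decoder (whose signatures are not described here); it simply classifies a UDP syslog payload by which header structure it has. The sample lines are constructed to look like what a Cisco VCSE might emit in each mode; the hostname, app name and message text are made up.

```python
"""Classify syslog lines as IETF (RFC 5424) or legacy BSD (RFC 3164) by header shape.

Added example: not from the original post and not Palo Alto's App-ID logic.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# RFC 5424 header:
# <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
# The VERSION digit directly after <PRI> is the structural tell that BSD format lacks.
IETF_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"(?P<hostname>\S{1,255}) (?P<appname>\S{1,48}) (?P<procid>\S{1,128}) (?P<msgid>\S{1,32}) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"   # simplified: ignores escaped ']' inside SD-ELEMENTs
    r"(?: (?P<msg>.*))?$"
)

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (day is space-padded, e.g. "Jan  5")
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) (?P<msg>.*)$"
)


@dataclass
class Syslog:
    fmt: str                  # "ietf", "bsd" or "unknown"
    facility: Optional[int]   # PRI >> 3
    severity: Optional[int]   # PRI & 7
    hostname: Optional[str]
    msg: str


def classify(line: str) -> Syslog:
    """Return the detected syslog format plus the fields common to both RFCs."""
    m = IETF_RE.match(line)
    if m:
        pri = int(m.group("pri"))
        return Syslog("ietf", pri >> 3, pri & 7, m.group("hostname"), m.group("msg") or "")
    m = BSD_RE.match(line)
    if m:
        pri = int(m.group("pri"))
        return Syslog("bsd", pri >> 3, pri & 7, m.group("hostname"), m.group("msg"))
    # Neither header shape: a decoder keyed on one of these structures would not match.
    return Syslog("unknown", None, None, None, line)


def summarize(lines: Iterable[str]) -> Dict[str, int]:
    """Count how many payloads land in each format bucket."""
    counts = {"ietf": 0, "bsd": 0, "unknown": 0}
    for line in lines:
        counts[classify(line).fmt] += 1
    return counts


# Constructed sample payloads (hypothetical hostname/app/message; PRI 134 = local0.info).
BSD_LINE = "<134>Jan  5 10:15:22 vcse01 tandberg: Login successful for user admin"
IETF_LINE = "<134>1 2024-01-05T10:15:22.123Z vcse01 tandberg 1234 - - Login successful for user admin"
NO_PRI_LINE = "Jan  5 10:15:22 vcse01 tandberg: message sent without a <PRI> header"
SAMPLE_LINES = [BSD_LINE, IETF_LINE, NO_PRI_LINE]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        s = classify(line)
        print(f"{s.fmt:8} fac={s.facility} sev={s.severity} host={s.hostname} msg={s.msg!r}")
    print(summarize(SAMPLE_LINES))
```

Running it shows the BSD line and the IETF line carrying the same facility, severity, host and message but with different header structure, which is exactly what the Cisco setting toggles. On the firewall side, sessions that are still being bucketed can be listed from the PAN-OS CLI with `show session all filter application unknown-udp`; after the sender is switched to IETF format, new sessions should show up under the syslog application instead.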
