Hi Guys,
I read the Tech note for that part and it is mostly with SRX. I get that the concept is the same with a PAN firewall, but I'm having issues getting the first step to work.
I start the ingress logger service and the other service right below that one, but I don't see anything coming to my access tracker. I collected logs for ClearPass and I only see this in the "ingressproc.log" file:
2017/10/30 16:26:31 ERROR Failed to perform request=http://localhost:9200/logstash-*/_search?pretty=true
2017/10/30 16:26:31 ERROR Failed to perform request=http://localhost:9200/logstash-*/_search?pretty=true
2017/10/30 16:26:31 ERROR Failed to read events, cause=Get http://localhost:9200/logstash-*/_search?pretty=true: dial tcp 127.0.0.1:9200: getsockopt: connection refused
2017/10/30 18:18:01 ERROR Failed to perform request=http://localhost:9200/logstash-*/_search?pretty=true
2017/10/30 18:18:01 ERROR Failed to perform request=http://localhost:9200/logstash-*/_search?pretty=true
2017/10/30 18:18:01 ERROR Failed to read events, cause=Get http://localhost:9200/logstash-*/_search?pretty=true: dial tcp 127.0.0.1:9200: getsockopt: connection refused
Anyone have any experience with this? I already added CP as a syslog target on my PAN.