Added new input Palo Alto UDP (#24617)

* implemented palo alto udp input * change log and clean up * formatting the code * Minor nits --------- Co-authored-by: Dan Torrey <dan.torrey@graylog.com>
2026-03-13 09:32:21 +08:00 · 2026-01-06 22:25:23 +05:30
parent 615990f759
commit c9ebd392a4
3 changed files with 83 additions and 0 deletions
--- a/changelog/unreleased/issue-9582.toml
+++ b/changelog/unreleased/issue-9582.toml
@@ -0,0 +1,5 @@
+type = "a"
+message = "Added new Palo Alto Networks UDP (PAN-OS v11+) input."
+
+pulls=["24617"]
+issues = ["graylog-plugin-enterprise#9582"]
--- a/graylog2-server/src/main/java/org/graylog/integrations/IntegrationsModule.java
+++ b/graylog2-server/src/main/java/org/graylog/integrations/IntegrationsModule.java
@@ -38,6 +38,7 @@ import org.graylog.integrations.inputs.paloalto.PaloAltoCodec;
 import org.graylog.integrations.inputs.paloalto.PaloAltoTCPInput;
 import org.graylog.integrations.inputs.paloalto11.PaloAlto11xCodec;
 import org.graylog.integrations.inputs.paloalto11.PaloAlto11xInput;
+import org.graylog.integrations.inputs.paloalto11.PaloAlto11xUdpInput;
 import org.graylog.integrations.inputs.paloalto9.PaloAlto9xCodec;
 import org.graylog.integrations.inputs.paloalto9.PaloAlto9xInput;
 import org.graylog.integrations.ipfix.codecs.IpfixCodec;
@@ -187,6 +188,8 @@ public class IntegrationsModule extends PluginModule {
        // Palo Alto Networks 11x
        LOG.debug("Registering message input: {}", PaloAlto11xInput.NAME);
        addMessageInput(PaloAlto11xInput.class);
+        LOG.debug("Registering message input: {}", PaloAlto11xUdpInput.NAME);
+        addMessageInput(PaloAlto11xUdpInput.class);
        addCodec(PaloAlto11xCodec.NAME, PaloAlto11xCodec.class);

        // CloudTrail
--- a/graylog2-server/src/main/java/org/graylog/integrations/inputs/paloalto11/PaloAlto11xUdpInput.java
+++ b/graylog2-server/src/main/java/org/graylog/integrations/inputs/paloalto11/PaloAlto11xUdpInput.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2020 Graylog, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ */
+package org.graylog.integrations.inputs.paloalto11;
+
+import com.codahale.metrics.MetricRegistry;
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import jakarta.inject.Inject;
+import org.graylog2.inputs.transports.UdpTransport;
+import org.graylog2.plugin.LocalMetricRegistry;
+import org.graylog2.plugin.ServerStatus;
+import org.graylog2.plugin.configuration.Configuration;
+import org.graylog2.plugin.inputs.MessageInput;
+import org.graylog2.plugin.inputs.annotations.ConfigClass;
+import org.graylog2.plugin.inputs.annotations.FactoryClass;
+
+public class PaloAlto11xUdpInput extends MessageInput {
+
+    public static final String NAME = "Palo Alto Networks UDP (PAN-OS v11+)";
+
+    @AssistedInject
+    public PaloAlto11xUdpInput(MetricRegistry metricRegistry,
+                               @Assisted Configuration configuration,
+                               UdpTransport.Factory udpTransportFactory,
+                               PaloAlto11xCodec.Factory codecFactory,
+                               LocalMetricRegistry localRegistry,
+                               Config config,
+                               Descriptor descriptor,
+                               ServerStatus serverStatus) {
+        super(metricRegistry, configuration, udpTransportFactory.create(configuration), localRegistry,
+                codecFactory.create(configuration), config, descriptor, serverStatus);
+    }
+
+    @FactoryClass
+    public interface Factory extends MessageInput.Factory<PaloAlto11xUdpInput> {
+        @Override
+        PaloAlto11xUdpInput create(Configuration configuration);
+
+        @Override
+        PaloAlto11xUdpInput.Config getConfig();
+
+        @Override
+        PaloAlto11xUdpInput.Descriptor getDescriptor();
+    }
+
+    public static class Descriptor extends MessageInput.Descriptor {
+        @Inject
+        public Descriptor() {
+            super(NAME, false, "");
+        }
+    }
+
+    @ConfigClass
+    public static class Config extends MessageInput.Config {
+
+        @Inject
+        public Config(UdpTransport.Factory transport, PaloAlto11xCodec.Factory codec) {
+            super(transport.getConfig(), codec.getConfig());
+        }
+    }
+}