topic Scheduled Log Export to a AWS Expedition Server in Expedition Discussions

Scheduled Log Export to a AWS Expedition Server

jrtuck — Tue, 28 Jan 2020 21:03:23 GMT

Hello,

Does anyone know how to configure the Scheduled Log Export in a firewall to use the AWS ubuntu username and key pair? The Expedition-LogAnalysisGuide_v1.0.2.pdf document on page 7 states to use the "expedition" username and password on the Expedition server, but our Expedition server is in AWS and uses the username is ubuntu with a key pair. How do we export the firewall's logs to the Expedition server in AWS if we cannot use the "expedition" username and password?

Thank you.

Re: Scheduled Log Export to a AWS Expedition Server

dgildelaig — Tue, 28 Jan 2020 23:10:27 GMT

Not sure how to define in PANOS to do a log export with keys, but you should not feel restricted to use only the expedition user.

Just make sure that whatever user you are using to upload the CSV files to Expedition, would also allow www-data to read those files and to delete them (in case you want to compress or delete after processing)

You could use the groups in Linux to make sure that www-data belongs to the group of the user you select to upload the files.

Re: Scheduled Log Export to a AWS Expedition Server

jrtuck — Wed, 29 Jan 2020 13:14:17 GMT

I solved the issue by editing the /etc/ssh/sshd_config, changing "PasswordAuthentication no" to "PasswordAuthentication yes", saving the file and restarting the ssh service - sudo service ssh restart. Now the "expedition" username and passwords works properly. The Expedition-LogAnalysisGuide_v1.0.2.pdf guide should be updated with these steps for people who use Expedition in AWS.