2 weeks ago
I updated and have a fresh install at 1.1.5
Was originally getting errors even processing logs but found the article to comment out the bind_ip 127.0.0.1 in my.cnf
Now it will sucesffully process the logs but when I choose the log files and set to ML then "Discovery > machine learning" and analyize I get no results.
Process is as follows
Start new project (dont get option to choose Purpose anymore? its auto set to Migration?)
Set api keys and grab config
Dump logs via scheduled log export as well as trying expoprt via CSV from monitor tab
Go to device and process logs (Completes)
Go to project and import config
Go to policies and choose correct Vsys as well as set policies to ML
Go to dicovery and create log connector to correct device and Vsys
Hit analyse and watch it complete its tasks
Says complete and there is no data
Any help would be great
Solved! Go to Solution.
a week ago
When you imported the configuration from the PANOS device, was via the device itself, and not via the XML upload config, right?
That would be necessary to do a proper mapping between the config and the Device Serial that will be used to check the logs.
Also, are we assuming that the selected rule got traffic reported for the selected period of time in the log connector?
And, make sure that you are running the latest version of Expedition 1.1.4
a week ago
Thanks for the reply,
I used the device itself to import the config, did not do a XML import.
The dump from the 5220 was over 10 gigs (Scheduled log export) and I also just dumped the traffic log from the monitor tab to csv.
I choose a date range of the day of the export, a week the export was in, month & year all with no results.
Also tried another PAN 850 importing same way and got same results.
Im on expedition 1.1.5 currently but to be honest im at the point where im going to spin up another expedition server to see if that helps.
This version im using is the OVA that was given out on this forum so I will just spin up another one and test that.
a week ago - last edited a week ago
Finally got it up and running
Stuck at pending, checked my.cnf and bind_ip was already commented out
Updated to 1.1.5 and now no web interface
a week ago
After many hours I finally got it
Not sure what the issue was, maybe spark was corrupted. I did expand the LVM to 40 gigs since the dumps I was using are well over 10 gigs in size.
Re created the VM and all is working now
Can someone tell me how to add more CPU resources to expedition. Ive added 4 cores to it but it only sees 1
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!