Problems with importing logs

Reply
L2 Linker

Re: Problems with importing logs

I had to import logs from each firewall indvidually to get it to work.

L4 Transporter

Re: Problems with importing logs

The logs will show under the firewall they belong too.

The belonging is done via the serial number (and the serialHA number).

 

Therefore, given a path for a device, we will show only the files that are on that path and that also share the serial number of that device.

 

Why is that?

  • Reason 1:
    • We can place all the logs of multiple firewalls in the same folder /PALogs/* but we only want to see those logs that belong to each firewall, to be accurate with the firewall's context
  • Reason 2:
    • We may have one panorama that handles 50 firewalls, having each firewall's files under /PALogs/firewall_X/*. We can set the path for Panorama to /PALogs/*, and all the managed devices (if they do not overwrite the given Panorama's path) will inherit the path, and will show only the files that belong to the firewall in place.
      Notice that we also list files that are in subfolders of a given path (if we have reading access to the folder)
L2 Linker

Re: Problems with importing logs

And to confirm you did this under M. Learning, correct?  Regardless of what I try, in the Expedition GUI, I can never find the .csv files exported from the firewall to the Expedition Server.  When I go to the server, the Logs are getting created and written to the server properly, just aren't able to be seen by the GUI.

L1 Bithead

Re: Problems with importing logs

Have you tired hitting them with a 777 hammer just to rule out permissions?

L4 Transporter

Re: Problems with importing logs

Can you confirm that the FW you have defined in expedition has the same serial number as the serials reported in the logs?

 

And that the log path is correctly writen (without spaces)

 

And, could you try to check with the most recent update of Expedition?

 

If it continues failing, let's have a Zoom session to figure out the source of the issue. And we report back here the resolution once solved.

L2 Linker

Re: Problems with importing logs

I've confirmed the Serial number matches, and the path is correct.  We're running Expedition on esxi host, so we had to convert the original image.  Is there a way within expedition to "Check for Update" or do we need to convert the image to esxi again and re-install?

L4 Transporter

Re: Problems with importing logs

Expedition comes as a software package.

It is simple to updtae it:
sudo apt-get update
sudo apt-get install expedition-beta

Notice that you may get a message to launch another command more to update some python modules. The command will come along the last lines of the "sudo apt-get install expedition-beta" output.
L2 Linker

Re: Problems with importing logs

Looks like the upgrade did the trick, thank you...

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!