L2 Linker
Posts: 22
Registered: ‎03-23-2012

EDL file problem

Hello -

I have created an EDL in PANOS 8.0.0 using a feed from Minemeld 0.9.40, when I commit I receive the following message:

EDL(vsys1/Skype-IPv4 ip) Downloaded file is not a text file.

Does anyone know how to correct the error?

Thanks

L6 Presenter
Posts: 707
Registered: ‎03-03-2011

Re: EDL file problem

Hi @paul_w,

you should check ms.log for additional details. Most probably this is due to a known bug in PAN-OS 8.0.0 that was fixed in the subsequent releases. The bug was related to certificate verification.

L2 Linker
Posts: 22
Registered: ‎03-23-2012

Re: EDL file problem

Hi Imori -

I will check the log.

For information I used the process on https://gist.github.com/jtschichold/f0977e5c1ec09b3ec7d66bf80687d9da to generate the certificate.

L2 Linker
Posts: 22
Registered: ‎03-23-2012

Re: EDL file problem

Hi @lmori

The file appears to be downloading:

2017-07-12 13:30:50.287 +0100 EDL entry(0x10a6a000, 0x1cff6000, (nil) vsys1/Skype-IPv4, 1, 1 ip) Downloaded EDL file size(1210)

There is nothing obvious to me in ms.log, I have attached some extracts for reference.

Thanks

Attachment
L6 Presenter
Posts: 707
Registered: ‎03-03-2011

Re: EDL file problem

Hi @paul_w,

have you tried connecting to the configured URL with the browser? Do you see the contents? Is there a proxy between the firewall and the EDL?

L2 Linker
Posts: 22
Registered: ‎03-23-2012

Re: EDL file problem

Hi @lmori -

I have connected to the URL with a browser and I can see the IP addresses listed, there are no proxies involved, the 'Test Source URL' on the EDL object gives result message 'Source URL is accessible.'

L6 Presenter
Posts: 707
Registered: ‎03-03-2011

Re: EDL file problem

Hi @paul_w,

could you check MineMeld API logs for the requests of the firewall? /opt/minemeld/logs/minemeld-web.log (or download from SYSTEM > DASHBOARD > API > LOGS)

L2 Linker
Posts: 22
Registered: ‎03-23-2012

Re: EDL file problem

Hi @lmori - I can't find the ip address of the firewall in the logs and there don't appear to be any obvious errors.

Logs attached.

Thanks.

Attachment
L6 Presenter
Posts: 707
Registered: ‎03-03-2011

Re: EDL file problem

If the firewall IP is not in the minemeld log, it means that MineMeld does not receive the EDL request from the firewall.

Could you double check that the URL in PAN-OS is correct (don't trust "Test Source URL")?

Is there something in the middle between the firewall management interface and MineMeld that could block the session?

L2 Linker
Posts: 22
Registered: ‎03-23-2012

Re: EDL file problem

The EDL is on one end of an IPSEC VPN; the peer traffic logs attached appear to show successful connections to the Minemeld server.

The URL shows IP addresses, extract below:


The only thing I can think of that would block the session is the peer firewall and as I say the logs appear to show a valid connection.

The system log on the EDL firewall also appears to show that the file is being downloaded and processed...or are these spurious messages?

Attachment
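An added example, not from the thread or from Palo Alto Networks: a local check of a saved copy of the feed body (for instance, fetched with a command-line client from the same URL the EDL uses) for content that is not plain-text IP entries. The function name, the sample bodies and the specific checks are assumptions of this example; it does not reproduce how PAN-OS itself decides that a download "is not a text file".

```python
import ipaddress

# Constructed sample bodies (documentation address ranges, not real feed data).
CONSTRUCTED_GOOD = b"192.0.2.10-192.0.2.10\n198.51.100.0/24\n203.0.113.7\n"
CONSTRUCTED_HTML = b"<html><body>Login required</body></html>\n"

def inspect_edl_body(body: bytes):
    """Return (valid_entry_count, findings) for a saved copy of an IP feed."""
    findings = []
    if body[:2] == b"\x1f\x8b":
        return 0, ["gzip magic bytes: body is compressed, not plain text"]
    if body[:3] == b"\xef\xbb\xbf" or body[:2] in (b"\xff\xfe", b"\xfe\xff"):
        findings.append("byte-order mark at start of body")
    if b"\x00" in body:
        findings.append("NUL bytes present (binary or UTF-16 content)")
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError as exc:
        findings.append(f"non-ASCII byte at offset {exc.start}")
        text = body.decode("ascii", errors="replace")
    if text.lstrip().lower().startswith(("<!doctype", "<html")):
        findings.append("body looks like an HTML page, not a feed")
    valid = 0
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry:
            continue
        try:
            if "-" in entry:
                # start-end range, one per line
                start, end = (ipaddress.ip_address(p.strip())
                              for p in entry.split("-", 1))
                if start.version != end.version or start > end:
                    raise ValueError("bad range")
            else:
                # single address or CIDR block
                ipaddress.ip_network(entry, strict=False)
            valid += 1
        except ValueError:
            findings.append(
                f"line {lineno}: not an IP, CIDR or range: {entry[:40]!r}")
    return valid, findings

if __name__ == "__main__":
    for name, body in (("good", CONSTRUCTED_GOOD), ("html", CONSTRUCTED_HTML)):
        print(name, inspect_edl_body(body))
```

A clean result here points away from the feed content and back toward the transport path between the firewall and MineMeld (certificate verification, URL, intermediate devices), which is what the replies in the thread are probing.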