I have created an EDL in PANOS 8.0.0 using a feed from Minemeld 0.9.40, when I commit I receive the following message:
EDL(vsys1/Skype-IPv4 ip) Downloaded file is not a text file.
Does anyone know how to correct the error ?
you should check ms.log for additional details. Most probably this is due to a known bug in PAN-OS 8.0.0 that was fixed in the subsequent releases. The bug was related to certificate verification.
Hi Imori -
I will check the log.
For information I used the process on https://gist.github.com/jtschichold/f0977e5c1ec09b3ec7d66bf80687d9da to generate the certificate.
The file appears to be downloading:
2017-07-12 13:30:50.287 +0100 EDL entry(0x10a6a000, 0x1cff6000, (nil) vsys1/Skype-IPv4, 1, 1 ip) Downloaded EDL file size(1210)
There is nothing obvious to me in ms.log, I have attached some extracts for reference.
Hi @lmori -
I have connected to the URL with a browser and I can see the IP addresses listed, there are no proxies involved, the 'Test Source URL' on the EDL object gives result message 'Source URL is accessible.'
could you check MineMeld API logs for the requests of the firewall ? /opt/minemeld/logs/minemeld-web.log (or download from SYSTEM > DASHBOARD > API > LOGS)
If the firewall IP is not in the minemeld log, it means that MineMeld does not receive the EDL request from the firewall.
Could you double check that the URL in PAN-OS is correct (don't trust "Test Source URL") ?
Is there something in the middle between the firewall management interface and MineMeld that could block the session ?
The EDL is on one end of an IPSEC VPN the peer traffic logs attached appear to show successful connections to the Minemeld server.
The URL shows IP addresses, extract below:
22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206
The only thing I can think of that would block the session is the peer firewall and as I say the logs appear to show a valid connection.
The system log on the EDL firewall also appears to show that the file is being downloaded and processed...or are these spurious messages ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!