In the ML or RE case, where Expedition is configured as a syslog server and you forward traffic logs from Panorama to Expedition, the logs are saved by default under Panorama_IP. The steps below split the logs per firewall serial number.
Split the logs per FW/Serial number by following the steps below:
Step 1. Edit your rsyslog.conf file
Replace the line below:
$template DynaTrafficLog,"/PALogs/%FROMHOST-IP%/%HOSTNAME%traffic%$YEAR%%$MONTH%%$DAY%_last_calendar_day.csv"
with these lines:
set $!SERIAL = field($msg,",",2);
$template DynaTrafficLog,"/PALogs/%FROMHOST-IP%/%$!SERIAL%/%$!SERIAL%%HOSTNAME%_traffic%$YEAR%%$MONTH%%$DAY%_last_calendar_day.csv"
The intention of the above configuration is to create a folder named after your Panorama IP, with one subfolder per FW/Serial number.
Step 2. Restart the syslog service
Issue the command below:
service rsyslog restart
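One way to confirm the split once new logs arrive after the restart, as an added example that is not part of the original article: the hypothetical check_split function lists every subfolder under /PALogs/<Panorama_IP>/ and flags any name that is not all digits, which would mean field 2 of $msg is not the serial number on your system. It assumes firewall serial numbers are purely numeric.

```shell
#!/bin/sh
# Added example, not Expedition's own tooling.
# Assumption: firewall serial numbers consist only of digits.
# Usage: check_split /PALogs

# check_split ROOT
# Prints one line per subfolder found under ROOT/<Panorama_IP>/ and returns
# non-zero if any subfolder name is not a plausible serial number.
check_split() {
    root=$1
    bad=0
    for dir in "$root"/*/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        dir=${dir%/}
        serial=${dir##*/}                  # last path component
        parent=${dir%/*}
        source_ip=${parent##*/}            # folder created from %FROMHOST-IP%
        case $serial in
            ''|*[!0-9]*)
                # Name taken from the message is not numeric: wrong field
                # index or an unexpected message format.
                echo "SUSPECT $source_ip/$serial"
                bad=1
                ;;
            *)
                count=$(find "$dir" -maxdepth 1 -type f -name '*.csv' | wc -l | tr -d ' ')
                echo "OK $source_ip/$serial csv_files=$count"
                ;;
        esac
    done
    return $bad
}
```

A SUSPECT line means the subfolder name came from some other part of the message, so inspect a raw log line before relying on the split.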
For reference, upcoming Expedition releases will include a set of example rsyslog configuration files in the /var/www/html/OS/rsyslog folder.