APP-ID adoption doesn't output any app-IDs

Showing results for 
Show  only  | Search instead for 
Did you mean: 

APP-ID adoption doesn't output any app-IDs

L2 Linker

I'm using expedition 1.1.93


When I target my any/any rule for app-id adoption, the adoption process finishes, but no app-ids are displayed. This occurs whether I request a slow retrieval or a fast retrieval.



The same rule(s) work fine with ML and RE (app-ids show up as expected).



Any ideas? I'm not even sure how to troubleshoot this. Any help is appreciated. Thanks!



L2 Linker

something to add... 


Initially I didn't have the "APP-ID via LOG" column showing in the security policies table. I've added that column. 


Oddly enough, now when I retrieve apps (fast or slow) the "APP-ID via LOG" column disappears from the table. If I add the column again, it's empty. 

For APP-ID Adoption, the important part will be the log connector, please specify the correct PAN-OS device that contains the security policy and logs, make sure Expedition can connect to it via API.  To verify that, you can try to click "Retrieve content -> running configuration and see if the latest configuration has been downloaded.  For more detailed steps, please review Module 1,2,6,7 of the below video playlist for APP-ID adoptions:

Thank you Lynn. 


I'm using Panorama, and I have two log connectors each mapped to their respective device group (and devices). 



LC1 = DG1 = devices 1 and 2

LC2 = DG2 = devices 3 and 4



I could be wrong, but I don't think the log connectors are mis-configure.  ML and RE work flawlessly across both DGs (thus invoking both LCs).



Do you have any other suggestions or ideas? Thank you again. 


Oddly enough if I exit the project and go into devices, I only see the Panorama device. Retrieving the running configuration of the Panorama device works fine. I can also retrieve connected devices and the content of those devices with no errors.

If I go back into devices and select "show all devices", I now see the FW devices underneath the Panorama instance. If I drill into the FW device directly, and try to retrieve the running config, I receive a remote exception error stating "Please generate an admin API key first".

I was under the impression that I would perform all interaction via Panorama, and that I didn't need to worry about generating API keys at the device level. What do you think?


I'm going to look through the config logs and see if the admin user pw was changed anywhere.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!