This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Expedition as syslog server, change logs directory

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Expedition as syslog server, change logs directory

Go to solution
LukeBullimore
L5 Sessionator

‎01-04-2019 03:38 PM

Hi Team!

 

We wish to use the Expedition tool for some logs coming from a PA-7000 series. Since the scheduled log export option is not feasible we wish to export logs via syslog. A few questions with this.

 

1. Where is the default location that the syslogs will go to?

2. Can we change the default log location, if so how? (We will be adding new virtual disk mounted to /PALogs and want to make the logs go there)

3. What will the permissions need to be on the new logs folder, does it need to be owned by "syslog" or "expedition", both? How?

 

I have a funny feeling its to do with the rsyslog.confg file but could do with some assistance.

 

Cheers,

Luke.

0 Likes Likes
11 REPLIES 11

Go to solution
dgildelaig
L5 Sessionator
In response to LukeBullimore

‎04-30-2019 02:17 AM

For anyone reading this thread in the future, we have found that in some cases, to see logs getting into the desired folder, it is ALSO necessary to restart the VM. Restarting the service did not seem to be enough, and as I am not a guru to identify which other services are involved in this process, what we found out is that restarting the VM helped to start seeing the logs arriving into the desired folder.

 

We spent hours with a client to see whether the config was wrong (which look perfect), sniffing traffic to see that was hitting the Expedition VM from the Firewalls that were forwarding the syslog entries, and at the end, we just reboot the VM and voilá!

 

I hope this helps others.

Go to solution
hamadahFarajallah
L1 Bithead
In response to Laimonas

‎08-24-2021 03:38 AM

Hi,

 

I have face same issue, how can automatically parse these file i can not see it in the expedition GUI, when you go to devices --> m.Lerning noting is there?

any thing that i need to be done?

thanks in advance

 

Hamadah 

0 Likes Likes

Go to solution
hamadahFarajallah
L1 Bithead

‎08-24-2021 03:39 AM

Hi,

 

I have an issue i can see the csv file in the folder but how can automatically parse these file,  I can not see it in the expedition GUI, when you go to devices --> m.Lerning noting is there?

any thing that i need to be done?

thanks in advance

 

Hamadah 

0 Likes Likes

Go to solution
lychiang
L6 Presenter
In response to hamadahFarajallah

‎08-24-2021 08:03 AM

@hamadahFarajallah Please make sure your expedition is up to date on v 1.1.105 since there was a fixed for the issue you running to in the earlier version.  

0 Likes Likes

Go to solution
azuniga
L4 Transporter
In response to hamadahFarajallah

‎08-24-2021 08:05 AM

Hello,

 

We had an issue on 1.1.104 with machine learning so we pushed a fix out on 1.1.105 so if you are currently using that version I would suggest you upgrade to the latest. If this isn't the case just make sure that the folder permissions are there for the PALogs folder and the sub folder within PALogs.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks