For details on cookie usage on our site, read our Privacy Policy
Expedition as syslog server, change logs directory
- LIVEcommunity
- Tools
- Expedition
- Expedition Discussions
- Expedition as syslog server, change logs directory
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-04-2019 03:38 PM
Hi Team!
We wish to use the Expedition tool for some logs coming from a PA-7000 series. Since the scheduled log export option is not feasible we wish to export logs via syslog. A few questions with this.
1. Where is the default location that the syslogs will go to?
2. Can we change the default log location, if so how? (We will be adding new virtual disk mounted to /PALogs and want to make the logs go there)
3. What will the permissions need to be on the new logs folder, does it need to be owned by "syslog" or "expedition", both? How?
I have a funny feeling its to do with the rsyslog.confg file but could do with some assistance.
Cheers,
Luke.
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-24-2021 08:45 AM
Thank you for your reply, but my issue is the file format :
not working format that when i exported as syslog:
2021-08-24T11:51:13+03:00 MOE-HQ-PA-FW-01.moe.local 1,2021/08/24 11:51:12,010108010441,TRAFFIC,start,2305,2021/08/24 11:51:12,10.0.70.54,192.168.6.215,0.0.0.0,0.0.0.0,ANY-to-ANY_HTTPs,,,ms-sms,vsys1,outside,DB-V-13,ae2.63,ae2.2,Panorama-log,2021/08/24 11:51:12,71962469,1,52271,80,0,0,0x4000,tcp,allow,4472,4402,70,7,2021/08/24 11:51:11,0,private-ip-addresses,0,6982130509256638010,0x8000000000000000,10.0.0.0-10.255.255.255,192.168.0.0-192.168.255.255,0,6,1,n/a,922,0,0,0,HQ-DC,MOE-HQ-PA-FW-01,from-policy,,,0,,0,,N/A,0,0,0,0,47a0c081-9c8c-40c7-91b8-d047d0d54e6b,0,0,,,,,,,
working format, and this format was export normaly from the firewall as (scheduled log export)
1,2021/08/22 00:00:00,013201026585,TRAFFIC,start,2305,2021/08/22 00:00:00,10.25.127.56,10.0.10.204,,,EDs-To-Call-Manager,,,web-browsing,vsys2,RYNC-IPVPN-OUTSIDE,RYNC-IPVPN-INSIDE,ae6.601,ae5.600,Log_Forwarding_WAN,2021/08/22 00:00:00,514109,1,46033,6970,0,0,0x100000,tcp,allow,373,295,78,4,2021/08/22 00:00:01,0,any,0,6971380400278891820,0x8000000000000000,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,3,1,n/a,0,0,0,0,NC-WAN-VSYS2,RYNC-PA-FW-01,from-policy,,,0,,0,,N/A,0,0,0,0,49a0caee-7b03-4ee0-aa85-cc902ed09c8a,0,0,,,,,,,
How I can change the non working format?
any help?
Hamadah
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-25-2021 11:43 AM
I think you have the correct format , have you already updated your expedition to v1.1.105? If you already did , have you seen the log file in the GUI? If you still not seeing the file in GUI, please make sure you can ssh to the expedition and see the file is already in the folder you trying to search when you trying to process the log.
- Expedition - Device M. Learning path to csv files not listing firewall logs in Expedition Discussions
- User ID and Expedition in Expedition Discussions
- Cannot login to Expedition gui using default admin/paloalto after ovf transfer and ip change in Expedition Discussions
- Expeditions stopped accepting Syslog in Expedition Discussions
- Expedition 1.2.48 Hotfix Information in Expedition Release Notes
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
