07-19-2021 06:31 PM - edited 07-22-2021 09:12 PM
I'm unable to find the CSV files that were sent from the FW as (expedition is a syslog)
below are the ML settings:
------------------------------------------------------------
expedition@Expedition:/PAlogs$ ls -l
total 8
drwxrwxrwx 2 expedition www-data 4096 Jul 20 00:00 172.16.16.5
-rwxrwxrwx 1 expedition expedition 17 Jul 17 00:51 ssh-export-test.txt
expedition@Expedition:/PAlogs$
----------------------------------------
07-19-2021 07:08 PM
@Mboghdady Have you upgrade your ubuntu by any chance , if you did "sudo apt-get upgrade" , it will break the dependence package that required by Expedition and you will need to re-install a fresh ubuntu server.
07-19-2021 07:17 PM
Hi , Thanks for your message,I usually use the below :
sudo apt-get update
sudo apt-get install expedition-beta
07-21-2021 08:58 PM
I can see and process all the files that exported from the FW (using Scheduled Log Export ) but still the issue on the CSV files that come from Syslog
07-22-2021 07:52 PM - edited 07-22-2021 09:31 PM
Any suggestion?
07-23-2021 02:28 AM
Expedition will check that the serial number in the log file fits with the serial number you have defined for the device in Expedition.
I would suggest two things:
- Verify you have defined the serial correctly, if not, you could enter the correct serial as a HA serial. If this work, you may consider creating the device again with the valid serial.
- If serial is already correct, you can enter the PATH as /PALogs/*.csv
Expedition will check recursively the folders and show all the files that belong to the device. If this works, please let me know and I will check if the issue is about having dots "." in the path you are providing.
07-23-2021 12:10 PM
Hi,
- I have verified the serial number by checking the CSV that was received from the FW and it's the same as the configured under the Devices tab on the expedition:
expedition@expedition:~$ tail /PALogs/172.16.16.5/******_traffic_2021_07_23_last_calendar_day.csv
then I tried to remove the device and added it again.
- I tried to enter the CSV path to : /PALogs/172.16.16.5/*.csv and still unable to see the files.
07-25-2021 09:00 PM
Hello @Mboghdady
Go ahead and shoot an email over to fwmigrate@paloaltonetworks.com and maybe we can set up a session to take a look at your issue.
07-30-2021 06:04 PM
Solved after upgrade the Expedition version to 1.1.105
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
