Expedition ML - not able to find the CSV files from SYSLOG

cancel
Showing results for 
Search instead for 
Did you mean: 

Expedition ML - not able to find the CSV files from SYSLOG

L1 Bithead

I'm unable to find the CSV files that were sent from the FW as (expedition is a syslog) 

below are the ML settings:

Mboghdady_0-1626744416436.png

 

Mboghdady_1-1626744492715.png

Mboghdady_2-1626744522198.png

 

------------------------------------------------------------

expedition@Expedition:/PAlogs$ ls -l
total 8
drwxrwxrwx 2 expedition www-data 4096 Jul 20 00:00 172.16.16.5
-rwxrwxrwx 1 expedition expedition 17 Jul 17 00:51 ssh-export-test.txt
expedition@Expedition:/PAlogs$

----------------------------------------

Mboghdady_3-1626744670343.png

 

1 ACCEPTED SOLUTION

Accepted Solutions

L1 Bithead

Solved after upgrade the Expedition version to 1.1.105

View solution in original post

8 REPLIES 8

L5 Sessionator

@Mboghdady Have you upgrade your ubuntu by any chance , if you did "sudo apt-get upgrade" , it will break the dependence package that required by Expedition and you will need to re-install a fresh ubuntu server. 

Hi , Thanks for your message,I usually use the below :

sudo apt-get update
sudo apt-get install expedition-beta

 

 

L1 Bithead

I can see and process all the files that exported from the FW (using Scheduled Log Export ) but still the issue on the CSV files that come from Syslog

L1 Bithead

Any suggestion?

L5 Sessionator

Expedition will check that the serial number in the log file fits with the serial number you have defined for the device in Expedition.

I would suggest two things:

- Verify you have defined the serial correctly, if not, you could enter the correct serial as a HA serial. If this work, you may consider creating the device again with the valid serial.

- If serial is already correct, you can enter the PATH as /PALogs/*.csv

Expedition will check recursively the folders and show all the files that belong to the device. If this works, please let me know and I will check if the issue is about having dots "." in the path you are providing.

L1 Bithead

Hi, 

- I have verified the serial number by checking the CSV that was received from the FW and it's the same as the configured under the Devices tab on the expedition:

expedition@expedition:~$ tail /PALogs/172.16.16.5/******_traffic_2021_07_23_last_calendar_day.csv

then I tried to remove the device and added it again.

 

- I tried to enter the CSV path to : /PALogs/172.16.16.5/*.csv and still unable to see the files.

 

 

Hello @Mboghdady 

 

Go ahead and shoot an email over to fwmigrate@paloaltonetworks.com and maybe we can set up a session to take a look at your issue.

L1 Bithead

Solved after upgrade the Expedition version to 1.1.105

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!