09-18-2020 09:05 AM
I have Panorama configured as a device in Expedition. Devices managed by Panorama have been imported/retrieved into the device within Expedition. Some stuff I've done/is configured:
I've also got another thread out there regarding the "process Enabled Files" option that is greyed out in this context. The only way I can process these logs is by letting the daily processing schedule catch up to them, or manually changing that schedule to be 2 min from now, for instance.
In any case, the server quickly fills up with space as logs aren't being deleted after processing. My thinking is that logs are uploaded at 1600, ACL changed at 0000, then auto processing kicking off at 0400. So far it seems to all work except the deleting part. Any tips?
09-29-2020 01:45 PM
I only have Panorama set in devices, but the managed firewalls have been retrieved within it. Goal is to take rules from panorama device groups and use ML on traffic.
There is no place to set "after processing" action for the firewall themselves in expedition when panorama is the device in question. Am I missing something there and this isn't supported in the first place?
09-29-2020 01:48 PM
Even you received the traffic log form Panorama, The ML setting you to need to check is on the FW device not on Panorama, you will make sure the ML setting is set to delete the file after processing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!