This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Getting Log to Expediton

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Getting Log to Expediton

Brad.Herbert
L2 Linker

‎06-07-2018 05:58 AM

We have a pair of 3020's, not running HA, managed by Panorama and an M-100 setup in Log Collector Mode only.  I'm not having any luck getting my traffic logs to export to the Expedition /home/expedition/logs/ directory.  I've setup a Scheduled Log Export on my M-100 with the following:

 

Log Type - Traffic

Protocol - SCP

Hostname - my Expedition Server IP

Port - Blank

Path - /home/expedition/logs

username and password.

 

When I click the "Test SCP server connection" I get an ssh-export-test.txt file in the /home/expedition/logs/ directory.  However, when my scheduled export runs, I'm not getting the traffic logs.  

 

Anyone have a suggestion on what to look at?  I'm not seeing the issue.

 

Thanks.

0 Likes Likes
4 REPLIES 4

Brad.Herbert
L2 Linker

‎06-07-2018 09:34 AM

Update.....I have 2.8G Traffic File now in my /home/expedition/logs/ directory, verified by do an ls.  When in M. Learning, I enter the path to the file, and nothing.  I've given full permissions to everyone in ubuntu.  Anyone have any thoughts?

 

BTW, still can't get the scheduled log export to run, unless it takes 24 hours...

0 Likes Likes

Brad.Herbert
L2 Linker
In response to Brad.Herbert

‎06-07-2018 12:22 PM

Here is what I have...

 

image.png

 

But when i go to Expedition, Devices, M.Learning, set my search path, no files are listed...

 

image.png

 

 

log was sent from the Firewall, via SCP using the CLI and the default expedition username/password.  I've logged into Expedition GUI with the default admin username/password as well as created a new with admin rights, still nothing.  I'm not sure how to go about fixing this....

0 Likes Likes

Brad.Herbert
L2 Linker
In response to Brad.Herbert

‎06-08-2018 01:19 PM

As an FYI, if you are running Panorama, the Scheduled Log Export can not be added via Panorama.  You must add the Scheduled Log Export to the Remote Firewall via GUI.  Regarding the import to M.Learning, I've not figured anything out.  Of course, since it's a free tool, it looks like we're on our own for a resolution.  I can't find any reason why it's not working.

0 Likes Likes

alestevez
L7 Applicator
In response to Brad.Herbert

‎06-10-2018 01:01 AM

The Serial Used in the device needs to be present in the files loaded to Expedition, if dont match Expedition will not show you the files.

 

So if you create a panorama with the panorama serial but the logs are generated by a fw the logs wont show up unles yuo add the FW serial to your Panorama Device on Expedition as a HA Serial.

 

Best Aproach will be Add Panorama, Retrieve connected Devices, that will create all the firewalls so look for the fw you want to analyze and add inside of it the path, you should see the logs and process them

0 Likes Likes
  • 6004 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks