We have a pair of 3020's, not running HA, managed by Panorama and an M-100 set up in Log Collector Mode only. I'm not having any luck getting my traffic logs to export to the Expedition /home/expedition/logs/ directory. I've set up a Scheduled Log Export on my M-100 with the following:
Log Type - Traffic
Protocol - SCP
Hostname - my Expedition Server IP
Port - Blank
Path - /home/expedition/logs
username and password.
When I click the "Test SCP server connection" I get an ssh-export-test.txt file in the /home/expedition/logs/ directory. However, when my scheduled export runs, I'm not getting the traffic logs.
Anyone have a suggestion on what to look at? I'm not seeing the issue.
Update... I have a 2.8G traffic file now in my /home/expedition/logs/ directory, verified by doing an ls. When in M.Learning, I enter the path to the file, and nothing. I've given full permissions to everyone in Ubuntu. Anyone have any thoughts?
BTW, still can't get the scheduled log export to run, unless it takes 24 hours...
Here is what I have...
But when I go to Expedition, Devices, M.Learning, set my search path, no files are listed...
The log was sent from the firewall, via SCP using the CLI and the default expedition username/password. I've logged into the Expedition GUI with the default admin username/password as well as created a new one with admin rights, still nothing. I'm not sure how to go about fixing this....
As an FYI, if you are running Panorama, the Scheduled Log Export cannot be added via Panorama. You must add the Scheduled Log Export to the remote firewall via the GUI. Regarding the import to M.Learning, I've not figured anything out. Of course, since it's a free tool, it looks like we're on our own for a resolution. I can't find any reason why it's not working.
The serial used in the device needs to be present in the files loaded to Expedition; if they don't match, Expedition will not show you the files.
So if you create a Panorama with the Panorama serial but the logs are generated by a FW, the logs won't show up unless you add the FW serial to your Panorama device on Expedition as an HA serial.
The best approach will be: add Panorama, retrieve connected devices, which will create all the firewalls; then look for the FW you want to analyze and add the path inside of it. You should see the logs and process them.
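
One way to check the serial match described in the reply above before pointing M.Learning at a directory, as an added example that is not part of the original thread or of Expedition itself. It assumes the exported traffic logs are `*.csv` files whose third column carries the firewall serial number; the function names and the sample serials are hypothetical and constructed for the demo.

```python
import csv
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: the serial number is the third column of each exported CSV row.
SERIAL_COLUMN = 2


def serials_in_file(path, max_rows=100000):
    """Count the serial numbers seen in one exported traffic log CSV."""
    counts = Counter()
    with open(path, newline="", encoding="utf-8", errors="replace") as fh:
        for i, row in enumerate(csv.reader(fh)):
            if i >= max_rows:  # a sample is enough for multi-GB exports
                break
            if len(row) <= SERIAL_COLUMN:
                continue  # blank or truncated line
            serial = row[SERIAL_COLUMN].strip()
            if serial and "serial" not in serial.lower():  # skip header row
                counts[serial] += 1
    return counts


def check_log_dir(log_dir, device_serials):
    """Map each CSV file to (serials matching the device, other serials)."""
    wanted = set(device_serials)
    report = {}
    for path in sorted(Path(log_dir).glob("*.csv")):
        found = set(serials_in_file(path))
        report[path.name] = (sorted(found & wanted), sorted(found - wanted))
    return report


def demo():
    # Constructed sample rows; the serial numbers are made up.
    sample = (
        "Domain,Receive Time,Serial #,Type\n"
        "1,2020/10/30 10:00:01,001234567890,TRAFFIC\n"
        "1,2020/10/30 10:00:02,001234567890,TRAFFIC\n"
    )
    with tempfile.TemporaryDirectory() as d:
        Path(d, "fw_traffic.csv").write_text(sample)
        # Device was created with a different serial, so nothing matches.
        return check_log_dir(d, ["009999999999"])


if __name__ == "__main__":
    for name, (match, other) in demo().items():
        status = "OK" if match else "no serial matches the device"
        print(f"{name}: {status}; serials in file: {match + other}")
```

A file that reports no matching serial is one that belongs under a different device entry, or needs its serial added to the device as described in the reply.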