ML Learning Discovery: Connectors stuck on loading

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

ML Learning Discovery: Connectors stuck on loading

L3 Networker

Hi,

 

I have defined collectors in my project enable M learning for a rule, when I hit discovery i am unable to select a connector it seems to be stuck on Loading.

See attacked screenshot.  I already tried rebooting the machine, restarting processes, remove/re-create the collectors.

 

zGomez_0-1654607553994.png

RAM/CPU DISK usage all are ok.

Any help on this would be appreciated.

14 REPLIES 14

L6 Presenter

Hi @zGomez  Have you add log connector by going to "Plug-In" , click on the "+" sign to add a log connector, depends on the config , if it's panorama config, you will add panorama device and select the device group where you want to enable for M. Learning.  Please refer to the guide below:

https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619?attach...

 

Also , if you prefer tutorial videos, you can watch the tutorial video via below link:

https://www.youtube.com/playlist?list=PLD6FJ8WNiIqXAfspousboWn6AllrOWVMi

 

L3 Networker

Hi Lychiang,

 

Yes i did define collectors under the Plug-In. 

zGomez_0-1654680946683.png

 

If you do not define a collector you get an error message no collector selected.  Now it seems to be hanging on something.

It worked before.  I am processing more logs don't now if this can be related.

But the logs are all in processed status.

 

 

Hi Lychiang,

You have an idea on how to troubleshoot this?

 

@zGomez What version of the expedition you are running ?  Also is the serial # of the firewall in the traffic log you processed match the serial # of the firewall you selected in the log connector.  Is there live connectivity to Panorama ? 

Hi Lychian,

 

I am using version 1.2.19.  The serial number matches the log connector.  I have added panorama using the API key so there is a live connectivity. 

 

Could you try to upgrade to the latest version v1.2.22 , we have some fixed related retrieving config from panorama device in this release 

Hi Lychiang,

Tnx already! Unfortunately it did not fix the problem.

@zGomez Please check serial# listed in your traffic log , and in the log connector, only selected the one firewall that matching the serial# , I seen you selected two firewalls. 

L3 Networker

@lychiang :  this is active passive firewall cluster that is why I selected 2.  I tried with one I still have the same issue.
Loading windows hanging.  

L2 Linker

Is this still an active Bug/Issue?  I am updated to latest I think and am running into the same problem.  I can analyze logs fine but then can't import or do basically anything on the right side of the ML Discovery window

Still an issue for me.

L2 Linker

OK, I messed with it for a bit and determined that if your Device Group has more than one device assigned to it then it breaks the Machine Learning function.  I don't understand why this is a limitation.  If you have Global rules that apply to multiple devices, and in my case I have one Global ruleset and no rules in the device groups the devices are assigned, then you can analyze the logs and it will do a great job of that but trying to import the rules or do anything else it will break.  I have 20 devices below my Global in individual Device Groups and if I create a connector with 20 devices using my global, it will do everything but allow me to import rules into that devicegroup.  Everything else works without this limitation, Rule Enrichment AppID adoption etc.  @lychiang Can you let us know if there is a way around this or why this is the design?

L2 Linker

I believe I have a workaround.  So I am able to do Log analysis with multiple devices in a Connector assigned Device Group, I just can't change any of the settings for Analyze Data dropdown in advance. It already has basically everything by default so that's fine.  And you just ignore the Loading Serial/Vsys thing and click Analyze Data.  Analysis completes fine with this Connector and I get my nice rules by App.  Then what I did was create a Dynamic Connector which doesn't do anything for ML,but I enable that connector anyway.  However, it keeps my previously created ML policies and opens the door to do all of the Imports.  I was able to then execute what I wanted in Import.  Hope this helps if you're stuck and maybe helps Dev team.   

Cool mate Tnx for this can we maybe talk via teams or something so you can show me what you did? Ones I am on my computer I wil check to send you a private message with my details.

  • 3947 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!