ML Learning Discovery: Connectors stuck on loading

zGomez · ‎06-07-2022

Hi,

I have defined collectors in my project enable M learning for a rule, when I hit discovery i am unable to select a connector it seems to be stuck on Loading.

See attacked screenshot. I already tried rebooting the machine, restarting processes, remove/re-create the collectors.

RAM/CPU DISK usage all are ok.

Any help on this would be appreciated.

lychiang · ‎06-07-2022

Hi @zGomez Have you add log connector by going to "Plug-In" , click on the "+" sign to add a log connector, depends on the config , if it's panorama config, you will add panorama device and select the device group where you want to enable for M. Learning. Please refer to the guide below:

https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619?attach...

Also , if you prefer tutorial videos, you can watch the tutorial video via below link:

https://www.youtube.com/playlist?list=PLD6FJ8WNiIqXAfspousboWn6AllrOWVMi

zGomez · ‎06-08-2022

Hi Lychiang,

Yes i did define collectors under the Plug-In.

If you do not define a collector you get an error message no collector selected. Now it seems to be hanging on something.

It worked before. I am processing more logs don't now if this can be related.

But the logs are all in processed status.

zGomez · ‎06-09-2022

Hi Lychiang,

You have an idea on how to troubleshoot this?

lychiang · ‎06-09-2022

@zGomez What version of the expedition you are running ? Also is the serial # of the firewall in the traffic log you processed match the serial # of the firewall you selected in the log connector. Is there live connectivity to Panorama ?

zGomez · ‎06-09-2022

Hi Lychian,

I am using version 1.2.19. The serial number matches the log connector. I have added panorama using the API key so there is a live connectivity.

lychiang · ‎06-10-2022

Could you try to upgrade to the latest version v1.2.22 , we have some fixed related retrieving config from panorama device in this release

zGomez · ‎06-12-2022

Hi Lychiang,

Tnx already! Unfortunately it did not fix the problem.

lychiang · ‎06-13-2022

@zGomez Please check serial# listed in your traffic log , and in the log connector, only selected the one firewall that matching the serial# , I seen you selected two firewalls.

zGomez · ‎06-13-2022

@lychiang : this is active passive firewall cluster that is why I selected 2. I tried with one I still have the same issue.
Loading windows hanging.

ShawnSlater · ‎07-27-2022

Is this still an active Bug/Issue? I am updated to latest I think and am running into the same problem. I can analyze logs fine but then can't import or do basically anything on the right side of the ML Discovery window

zGomez · ‎07-27-2022

Still an issue for me.

ShawnSlater · ‎07-28-2022

OK, I messed with it for a bit and determined that if your Device Group has more than one device assigned to it then it breaks the Machine Learning function. I don't understand why this is a limitation. If you have Global rules that apply to multiple devices, and in my case I have one Global ruleset and no rules in the device groups the devices are assigned, then you can analyze the logs and it will do a great job of that but trying to import the rules or do anything else it will break. I have 20 devices below my Global in individual Device Groups and if I create a connector with 20 devices using my global, it will do everything but allow me to import rules into that devicegroup. Everything else works without this limitation, Rule Enrichment AppID adoption etc. @lychiang Can you let us know if there is a way around this or why this is the design?

ShawnSlater · ‎07-29-2022

I believe I have a workaround. So I am able to do Log analysis with multiple devices in a Connector assigned Device Group, I just can't change any of the settings for Analyze Data dropdown in advance. It already has basically everything by default so that's fine. And you just ignore the Loading Serial/Vsys thing and click Analyze Data. Analysis completes fine with this Connector and I get my nice rules by App. Then what I did was create a Dynamic Connector which doesn't do anything for ML,but I enable that connector anyway. However, it keeps my previously created ML policies and opens the door to do all of the Imports. I was able to then execute what I wanted in Import. Hope this helps if you're stuck and maybe helps Dev team.

zGomez · ‎07-29-2022

Cool mate Tnx for this can we maybe talk via teams or something so you can show me what you did? Ones I am on my computer I wil check to send you a private message with my details.

ML Learning Discovery: Connectors stuck on loading

ML Learning Discovery: Connectors stuck on loading

Show your appreciation!