10-17-2018 06:04 AM
Hi all,
I successfully exported the logs from my PA200 (currently on release 7.1.16) via SCP to the PALogs folder.
Expedition can find the files but when I do the "Process Files" I get the dreaded "No supported files to process". Can I get a hint on what I am doing wrong here?
10-17-2018 06:42 AM
Got it. Permissions on the folder!
Same issue as this: https://live.paloaltonetworks.com/t5/Expedition-Discussions/Expedition-csv-logs-stuck-in-pending/m-p...
10-23-2018 03:16 AM
Hey @Bruno_Alipio
How did you manage to resolve this? We are facing the same thing?
The ML temp folder is owned by www-data, same with the PALogs folder, but we're still having the issue of "no supported files to process".
10-23-2018 06:38 AM
Hi @LukeBullimore,
I'm not facing the issue anymore. I have my directory structure /PALogs/PaloAltoSCP owned by "expedition" and everything is running OK now.
For the first "process files" I had to change the owner to www-data:www-data, but after that I reverted back to expedition:expedition (to let the NGFW device export the logs directly via SCP) and everything is running fine. I can now have the new exports in this directory and have Expedition find and process them without issues.
Hope this helps.
10-23-2018 08:08 AM
Hey @Bruno_Alipio
Thanks for your response!
In our particular issue, this was failing because a lot of our logs included IPv6 and Expedition does not currently support IPv6 for ML. Many thanks to Albert for looking at it with us 🙂
Cheers,
Luke.
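A pre-flight check for the two causes reported so far in this thread (ownership of the log directory and its files, and IPv6 addresses in the exported CSVs), as an added example that is not part of any post and is not Expedition's own code. The function names are hypothetical, the owner names are the ones mentioned above, and the IPv6 test simply tries to parse each CSV field as an address.

```python
import csv
import ipaddress
import os
import pwd

def owner_name(path):
    """Return the owning user name of path (numeric uid if it has no passwd entry)."""
    uid = os.stat(path).st_uid
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def ipv6_rows(csv_path):
    """Count rows in which at least one field parses as an IPv6 address."""
    count = 0
    with open(csv_path, newline="", errors="replace") as fh:
        for row in csv.reader(fh):
            for field in row:
                try:
                    if ipaddress.ip_address(field.strip()).version == 6:
                        count += 1
                        break  # one hit is enough to flag this row
                except ValueError:
                    continue  # not an IP address at all
    return count

def preflight(log_dir, allowed_owners=("www-data", "expedition")):
    """Return (path, problem) findings for log_dir and the .csv files in it."""
    findings = []
    if owner_name(log_dir) not in allowed_owners:
        findings.append((log_dir, "owner " + owner_name(log_dir)))
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if not name.endswith(".csv") or not os.path.isfile(path):
            continue
        if owner_name(path) not in allowed_owners:
            findings.append((path, "owner " + owner_name(path)))
        n = ipv6_rows(path)
        if n:
            findings.append((path, "%d row(s) with IPv6 addresses" % n))
    return findings

# Assumption: logs live directly under /PALogs, as in the posts above.
if __name__ == "__main__" and os.path.isdir("/PALogs"):
    for path, problem in preflight("/PALogs"):
        print(path + ": " + problem)
```

An empty result means neither of these two causes applies to the files checked.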
10-31-2018 12:23 PM
I am having the same issue, but the reported solutions are not working for me.
I am running version 107.
User and groups are as required:
ls -l /PALogs/
-rw-rw-r-- 1 www-data www-data 27064162 Oct 30 17:49 XXX.csv
I commented out the bind statement in mysql.cnf and restarted mysqld:
#bind-address = 127.0.0.1
yet I'm still getting this error. Is there any log to check why this is happening?
10-31-2018 12:47 PM
Hey @mrzepa2
After typing in the /PALogs/* directory, click the save button. Open up the device then ML tab again and try to process the logs, whilst doing so, look in the below log folder:
/tmp/error_logCoCo
10-31-2018 01:12 PM
Thanks. That did the trick.
09-08-2019 10:04 PM
Hi, what is the resolution here?
I've tried all permutations of directory/file permissions.
I'm using the latest version of Expedition. I've imported Panorama and collected all its managed devices. I've exported logs from both the firewall and Panorama and the ml.learning tab sees the files and can determine the PAN-OS version (so I'm thinking they are fine) but same error.
No files in /tmp.
How can I troubleshoot this further? Is there a debug mode?
Thanks for any advice.
Cheers,
Simon