04-03-2025 08:51 AM
Panorama M600 PANOS v11.2.4-h2
Firewall PA-3260 PANOS v10.1.7
Expedition VM v1.2.102
Let me preface this with I need the logs from Panorama (30 Days) because the local Firewall does not store that many days' worth... and syslog isn't an option.
If I export from Firewall, Expedition supports and processes successfully. If I export from Panorama, Expedition reports 'unsupported'.
As an attempt to circumvent Expedition, I compared the two .csv files and changed Panorama to match:
- remove (5) Panorama columns (not in Firewall .csv):
  - AI Traffic
  - AI Forward Error
  - flow_type
  - cluster_name
  - K8S Cluster ID
- delete data in column ‘XFF address’ to match Firewall
- change ‘Domain’ column data from ‘0’ to ‘1’
- change ‘Config Version’ column from ‘0’ ‘2561’ to match Firewall
** This allowed Expedition to recognize the file and start the processing, however, it still fails to fully complete the processing.
Is this an Expedition bug?
Is there another way around the issue?
Is there something I'm missing in the Panorama .csv file that I can change to allow Expedition to process it successfully?
How does Expedition distinguish a file from Panorama versus a file from the Firewall?
I've attached a sample of the Panorama exported firewall traffic logs .csv file for review (in .ZIP).
** some information skewed and/or renamed in file to make data generic
Any assistance and direction is helpful and appreciated!
Thank you.
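
Added example, not part of the original post and not Expedition or Palo Alto Networks code: a Python sketch that diffs the two export headers and applies the manual edits listed above in a repeatable way, failing if an expected column is absent. The column names, the Domain value `1` and the Config Version value `2561` are taken from the post; the function names and the sample rows are constructed for illustration, and a real export has many more columns.

```python
import csv
import io

# Column names exactly as written in the post; a real export header may differ.
PANORAMA_ONLY = ("AI Traffic", "AI Forward Error", "flow_type",
                 "cluster_name", "K8S Cluster ID")

def header_diff(firewall_csv, panorama_csv):
    """Return (only_in_panorama, only_in_firewall), preserving header order."""
    fw = next(csv.reader(io.StringIO(firewall_csv)))
    pa = next(csv.reader(io.StringIO(panorama_csv)))
    return [c for c in pa if c not in fw], [c for c in fw if c not in pa]

def normalize(panorama_csv, config_version, domain="1", drop=PANORAMA_ONLY):
    """Apply the post's edits; return (csv_text, number_of_rows_changed)."""
    reader = csv.DictReader(io.StringIO(panorama_csv))
    fields = reader.fieldnames or []
    missing = [c for c in (*drop, "XFF address", "Domain", "Config Version")
               if c not in fields]
    if missing:
        # Fail loudly rather than emit a file that silently skipped an edit.
        raise KeyError(f"columns not found in export: {missing}")
    keep = [c for c in fields if c not in drop]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=keep, extrasaction="ignore",
                            lineterminator="\n")
    writer.writeheader()
    changed = 0
    for row in reader:
        before = (row["XFF address"], row["Domain"], row["Config Version"])
        row["XFF address"] = ""                   # blank the XFF column
        row["Domain"] = domain                    # '0' -> '1' in the post
        row["Config Version"] = config_version    # value copied from the firewall export
        changed += before != ("", domain, config_version)
        writer.writerow(row)
    return out.getvalue(), changed

# Constructed sample data (not from a real export); only a few columns shown.
FIREWALL_SAMPLE = "Domain,Receive Time,Config Version,XFF address\n1,2025/04/01 10:00:00,2561,\n"
PANORAMA_SAMPLE = (
    "Domain,Receive Time,Config Version,XFF address,AI Traffic,AI Forward Error,"
    "flow_type,cluster_name,K8S Cluster ID\n"
    "0,2025/04/01 10:00:00,0,203.0.113.7,,,,,\n"
)

if __name__ == "__main__":
    print(header_diff(FIREWALL_SAMPLE, PANORAMA_SAMPLE))
    fixed, n = normalize(PANORAMA_SAMPLE, config_version="2561")
    print(n, "row(s) changed"); print(fixed)
```

Running `header_diff` against a known-good firewall export first shows whether any columns beyond the five listed in the post differ between the two files.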