Scheduled Log Export to an AWS Expedition Server

L2 Linker

Hello,

Does anyone know how to configure the Scheduled Log Export in a firewall to use the AWS ubuntu username and key pair? The Expedition-LogAnalysisGuide_v1.0.2.pdf document on page 7 states to use the "expedition" username and password on the Expedition server, but our Expedition server is in AWS and uses the username ubuntu with a key pair. How do we export the firewall's logs to the Expedition server in AWS if we cannot use the "expedition" username and password?

Thank you.

L5 Sessionator

Not sure how to define in PANOS to do a log export with keys, but you should not feel restricted to use only the expedition user.

Just make sure that whatever user you are using to upload the CSV files to Expedition would also allow www-data to read those files and to delete them (in case you want to compress or delete after processing).

You could use the groups in Linux to make sure that www-data belongs to the group of the user you select to upload the files.

L2 Linker

I solved the issue by editing /etc/ssh/sshd_config, changing "PasswordAuthentication no" to "PasswordAuthentication yes", saving the file and restarting the ssh service - sudo service ssh restart. Now the "expedition" username and password work properly. The Expedition-LogAnalysisGuide_v1.0.2.pdf guide should be updated with these steps for people who use Expedition in AWS.
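Password logins can also be enabled for the expedition account alone rather than for every account on the server. The sshd_config fragment below is an added example, not part of the original posts or the Expedition guide; it relies on OpenSSH's Match block, and the firewall address 203.0.113.10 is a constructed placeholder.

```conf
# /etc/ssh/sshd_config (added example, not from the thread or the guide)

# Global setting as it was before the change described in the post:
# key pairs only. Flipping this line to "yes" enables password logins
# for every account on the server, not just "expedition".
PasswordAuthentication no

# Scoped alternative: keep the global "no" and allow passwords only
# for the account the firewall's Scheduled Log Export logs in with,
# and only when the connection comes from the firewall itself.
# 203.0.113.10 is a placeholder; replace it with the address the
# firewall uses to reach the Expedition server.
# A Match block runs until the next Match line or the end of the file,
# so append it after all global settings.
Match User expedition Address 203.0.113.10
    PasswordAuthentication yes
```

Check the syntax with `sudo sshd -t` before restarting the ssh service, and keep the existing key-based session open until a new login has been confirmed.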
