Header Ads


Articles
recent

Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"


Sophos XG firewall is offering on Device Reporting and logs, which is a good feature for all SMBs. There is another module "Sophos iView"  is available for logs and reporting but it is good for some critical organisation or big data Center who need a lot of logs, reports, and backup of all those.   

Recently, I faced an issue as there is no log showing on the GUI "Log Viewer" but you will see all logs through the command line or some logs on the auxiliary device but not on the primary devices. This issue is reported on a virtual and hardware firewall as well. Today I am going to share how to handle this issue without book a ticket with the NOC team.

Issue Reported:
Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:
  • You must verify that the required logs are enabled on the policy. Please navigate to System Services> Log Setting> and verify that you have enabled logs in it.
  • Verify Disk space uses Login to XG Console> Select Option 4:  Device   Console
  • Execute the following command: system diagnostics show disk
Fig 1.1- Sophos Dashboard
Here you must be noted down that Sophos is configured some disk uses limit as:
  • If report use is 80% or higher the firewall will stop displaying reports.
  • If report use is 90% or higher the report database service is possibly dead.
If the Disk is full then you need to delete old logs manually. Use Monitor & analyze > Reports > Settings > Manual Purge.
To delete logs manually up to last 2 months. or you can use the CLI menu as well.

Purging of logs may take 4-5 hours.

Restart the garner Service. Be honest, I found that every time the Garner service was hanged or stopped due to some issue. Really I don't know the root cause. Why this service is getting hanged or not responding?

Fig 1.2- Sophos Console 
 Restart Garner Service:  Login to XG Console> Select Option 5 Device Management> Select Option 3 Advanced Shell
Execute the following command: service garner:restart -ds nosync

Note: As a result must see an output as "OK"

An Article By Deepak Kumar 
Linkedin: https://www.linkedin.com/in/engdeepak/

Twitter: https://twitter.com/Deepakkhw
Powered by Blogger.