Sophos Message Relay function

Hi All,

As per the subject above, I would appreciate it if someone could guide me or explain the message relay, e.g. how frequently the message relay updates or how it relays endpoint messages once received.

The reason is that the customer informed us that the console status didn't tally / wasn't reported back to the console. For example, when trying to perform a device exemption on the console once a user plugs in a USB device and it is blocked, the console didn't receive the message.

Restarting the services below also didn't have any effect when trying to exempt the device as mentioned above. Thanks

-----------------------------------------

Stop the "Agent" service
Stop the "Sophos Message Router" service

C:\ProgramData\Sophos\Remote Management System\3\Router\Envelopes
Delete all msg files present

C:\ProgramData\Sophos\Remote Management System\3\Router
Delete 'table_router.txt'

Start the "Agent" service
Start the "Sophos Message Router" service

---------------------------------------------------------

Console:

Windows Win2008

Sophos Enterprise Console v5

MSSQL 2008 R2

8192-8193,8194 open

Relay server:

Windows 2003

8192-8193,8194 open



This thread was automatically locked due to age.
  • That's not unreasonably high and normally you shouldn't encounter (permanent) issues just because of the number of clients, Azwan. Of course it depends on the resources available, the client activity and also on the history. I can imagine both permanent and temporary issues - thus if you regularly encounter long delays in getting events/alerts from the clients to the console (perhaps at certain times) you might have to look into the issue. While the system is quite robust and all you need to do to clear occasional backlogs is simply wait a few minutes, there might also be exceptional situations - once or twice I had a client cycling through detection/cleanup at a rate of several events/second, almost but not completely bringing SEC to its knees. (Almost) "invisible" items like the event and alert history or a high number of deleted computers might adversely affect performance.

    Christian     
