
Sophos Message Relay function

Hi All,

As per the subject above, I'd appreciate it if someone could guide me or give an explanation regarding the message relay, e.g. how frequently the message relay updates or how it relays an endpoint message once received.

The reason is that the customer informed us that the console status didn't tally/wasn't reported back to the console. For example, when trying to perform a device exemption on the console once a user plugged in a USB device and it was blocked, the console didn't receive the message.

Restarting the services below also didn't have any effect when trying to exempt the device as mentioned above. Thanks

-----------------------------------------

Stop the "Agent" service
Stop the "Sophos Message Router" service

C:\ProgramData\Sophos\Remote Management System\3\Router\Envelopes
Delete all msg files present

C:\ProgramData\Sophos\Remote Management System\3\Router
Delete 'table_router.txt'

Start the "Agent" service
Start the "Sophos Message Router" service

---------------------------------------------------------

Console:

Windows Win2008

Sophos Enterprise Console v5

MSSQL 2008 R2

8192-8193,8194 open

Relay server:

Windows 2003

8192-8193,8194 open

  • That's not unreasonably high and normally you shouldn't encounter (permanent) issues just because of the number of clients, Azwan. Of course it depends on the resources available, the client activity and also on the history. I can imagine both permanent and temporary issues - thus if you regularly encounter long delays in getting events/alerts from the clients to the console (perhaps at certain times) you might have to look into the issue. While the system is quite robust and all you need to do to clear occasional backlogs is simply wait a few minutes, there might also be exceptional situations - once or twice I had a client cycling through detection/cleanup at a rate of several events/second, almost but not completely bringing SEC to its knees. (Almost) "invisible" items like the event and alert history or a high number of deleted computers might adversely affect performance.

    Christian     

  • Hi Christian,

    Agreed... it depends on the client environment + the customer's knowledge of how Sophos Endpoint works. Sometimes a customer who doesn't understand the technicality of the issue will question even a simple issue such as "why didn't this error appear in the console", whereby Sophos Endpoint actually considers the threat is not a high-risk/outstanding or temporary issue, just like we discussed.

    However, I understand, from the customer's point of view, the high expectation on Sophos to protect their environment, which is the reason why they chose Sophos Endpoint rather than another security product. I'll look into and verify the root cause of the issue, starting from the endpoint to the relay server.
