
Logging and reporting not available for the past week?

Our XG210 stopped updating logs and reports on 1/22. The log viewer and reporting viewer functions still work, but no new information shows up. Logging/reporting settings haven't changed. I have tried turning logs off and then back on, but it did not make a difference. Any tips on what I should look at/how to troubleshoot this?



  • Not sure if this is related, but I'm looking in /var/tslog and fwlog.log and fwlog.log.0 are completely full of rows and rows of this:
    "garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable"

  • I ran "flush device reports" from the console and after the box came back up, logging seems to be working.

  • Having exactly the same issue but with a different error message:

     connect(/tmp/garner.sock) failed: Connection refused

    How can I overcome that? It's really disturbing the experience; it was working until MR5 without any problems, and nothing changed in the settings.

    Please help.

    Best regards

  • FormerMember

    Hi,

    Please refer to "Sophos XG Firewall: How to troubleshoot on-box reporting issues" for troubleshooting this kind of issue.

    I think that the issue you faced may be because the "Report-Partition-Usage Percentage had exceeded its Watermark Percentage", due to which the XG firewall may have stopped displaying reports, as per its behavior.

    You can check these percentage values in the console of the firewall using the commands:
    console> show report-disk-usage watermark
    and
    console> system diagnostics show disk

    Now, to start the reporting back up, we need to reduce the report-disk-usage to less than the watermark.

    @Krister - I think what you did with "Flush Device Reports" was to clear the report partition to 0%, which indirectly resolved it, as it would make report-disk-usage less than the watermark percentage. Though clearing all the reports is not a feasible solution for everyone.

    You can also somewhat prevent this from re-occurring by reducing the Log Retention Period under "Reports > Show Reports Settings > Data Management" from 6 months to 3 months or less for some modules.

    The other troubleshooting steps are already mentioned in the referred article.

    Cheers J

  • Hi hrardik_vora,

    Thanks for your reply. My watermark percentage shows 80% and my reports disk usage shows 1% (I already purged the reports). I also followed exactly the guide you posted.

    On-box reporting is on - the garner service starts and stops.

    I find this error in garner.log:

    IP:-127.0.0.1:6061,data:select count(*) from tblliveuser
    CRITICAL  Mar 18 19:11:54 [4140706624]: sigsegv_dump: Segmentation Fault
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf722a88f
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf722f4f0
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf7220b8b
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf7220987
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf72208ca
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf7220654
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf7226f28
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf72203a7
    CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf7462f5a
    CRITICAL  Mar 18 19:11:54 [4140706624]: sigsegv_dump: End of dump

    I use an SSD as the main drive - is a hardware failure a possibility?

    best regards

    hoep

  • I have now found out that reporting starts working when I disable SNMP.

    I found these lines in garner.log, which made me disable SNMP (which I would still need for reporting). Any hints on that?

    ERROR     Mar 19 09:46:46 [4146415424]: Hash table: Not Expanding the size of Bucket from 256
    ERROR     Mar 19 09:46:46 [4146415424]: Hash table: Not Expanding the size of Bucket from 256
    ERROR     [CRFORMATTER] Mar 19 09:46:46 [4146415424]: crformatter_parse_conffile: parsing successfull
    ERROR     Mar 19 09:46:46 [4146415424]: handle_accept: write() failed during handshake: Broken pipe
    ERROR     Mar 19 09:46:46 [4146415424]: handle_accept: write() failed during handshake: Broken pipe
    nvram_get failed with -12
    ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.supp8x5' failed
    ERROR     Mar 19 09:46:47 [4140346176]: who_was_it: 'nvram get mod.supp8x5' terminated with exit code 244
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed for 'supp8x5'
    nvram_get failed with -12
    ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.24x7' failed
    ERROR     Mar 19 09:46:47 [4140346176]: who_was_it: 'nvram get mod.24x7' terminated with exit code 244
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed '24x7'
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_support_license: Invalid support status found
    nvram_get failed with -12
    ERROR     Mar 19 09:46:53 [4140346176]: read_reg_info: 'nvram get mod.webfilter' failed
    ERROR     Mar 19 09:46:53 [4140346176]: who_was_it: 'nvram get mod.webfilter' terminated with exit code 244
    ERROR     Mar 19 09:46:53 [4140346176]: snmp_av_license: read_reg_info failed

    IP:-127.0.0.1:6061,data:select count(*) from tblliveuser
    nvram_get failed with -12
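
Added example (not part of any post in this thread, and not Sophos code): a small off-box triage script for exported fwlog.log / garner.log text that groups the three failure signatures quoted above, so a silent stop in firewall logging can be tied to a socket error, a garner crash, or the SNMP licence lookups. The line grammar is inferred from the lines quoted in the thread, and `SAMPLE` is constructed from those line shapes.

```python
import re
from collections import Counter

# Constructed sample, built from the line shapes quoted in this thread.
SAMPLE = """\
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
connect(/tmp/garner.sock) failed: Connection refused
CRITICAL  Mar 18 19:11:54 [4140706624]: sigsegv_dump: Segmentation Fault
CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf722a88f
CRITICAL  Mar 18 19:11:54 [4140706624]: 0xf722f4f0
CRITICAL  Mar 18 19:11:54 [4140706624]: sigsegv_dump: End of dump
nvram_get failed with -12
ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.supp8x5' failed
ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed for 'supp8x5'
ERROR     Mar 19 09:46:53 [4140346176]: read_reg_info: 'nvram get mod.webfilter' failed
"""

# Assumed grammar: LEVEL, optional [TAG], "Mon DD HH:MM:SS", [thread id], message
LINE = re.compile(r"^(?P<level>[A-Z]+)\s+(?:\[\w+\]\s+)?(?P<ts>\w{3} +\d+ [\d:]{8}) \[(?P<tid>\d+)\]: (?P<msg>.*)$")
SOCK = re.compile(r"connect\(/tmp/garner\.sock\) failed: (.+)$")
NVRAM = re.compile(r"read_reg_info: 'nvram get (mod\.[\w.]+)' failed")

def triage(text):
    report = {"sock_errors": Counter(), "crashes": [], "nvram_keys": [], "snmp_errors": 0}
    open_dumps = {}  # thread id -> crash record still collecting frames
    for raw in text.splitlines():
        line = raw.strip()
        m = SOCK.search(line)
        if m:  # writer could not reach garner: events are not being stored
            report["sock_errors"][m.group(1)] += 1
            continue
        m = LINE.match(line)
        if not m:
            continue
        tid, msg = m.group("tid"), m.group("msg")
        if msg == "sigsegv_dump: Segmentation Fault":
            open_dumps[tid] = {"ts": m.group("ts"), "tid": tid, "frames": []}
        elif msg == "sigsegv_dump: End of dump" and tid in open_dumps:
            report["crashes"].append(open_dumps.pop(tid))
        elif tid in open_dumps and re.fullmatch(r"0x[0-9a-f]+", msg):
            open_dumps[tid]["frames"].append(msg)
        elif (k := NVRAM.search(msg)):
            if k.group(1) not in report["nvram_keys"]:
                report["nvram_keys"].append(k.group(1))
        elif msg.startswith("snmp_"):
            report["snmp_errors"] += 1
    # A dump without "End of dump" means the log was cut mid-crash; keep it.
    report["crashes"].extend(open_dumps.values())
    return report
```

Run `triage(open("garner.log").read())` on a copy of the log; crash records that share a timestamp window with `snmp_` errors are the ones to attach to a support case.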