Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 15915 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logging and reporting not available for the past week?

Krister Johnson

Our XG210 stopped updating logs and reports on 1/22. The log viewer and reporting viewer functions still work, but no new information shows up. Logging/reporting settings haven't changed. I have tried turning logs off and then back on, but did not make a difference. Any tips on what I should look at/how to trouble shoot this?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi,

    Please refer Sophos XG Firewall: How to troubleshoot on-box reporting issues for troubleshooting such kind of issue.

    I think that the issue you had faced may be because "Report-Partition-Usage Percentage had exceeded its Watermark Percentage", due to which XG firewall may have stopped displaying reports as per its behavior.

    You can check this percentage values in the console of the firewall using commands,
    console> show report-disk-usage watermark
    &
    console> system diagnostics show disk

    Now to start the reporting back we need to reduce the report-disk-usage to be less than the watermark.

    @Krister - I think what you did with "Flush Device Reports" was to clear the report partition to 0%, which indirectly resolved it as it would make report-disk-usage less than watermark percentage. Though this is not a feasible solution for all to clear all the reports.

    You can also somewhat prevent this from re-occurring, by reducing the Log Retention Period under "Reports > Show Reports Settings > Data Management" from 6months to 3months or less for some modules.

    The other troubleshooting steps are already mentioned in the referred article.

    Cheers J

  • 0 in reply to FormerMember

    i now found out, that reporting starts working, when i disable snmp.

    i found these lines in the garner.log, which made me disabling snmp (which i would still need for reporting). Any hints on that ?

    ERROR     Mar 19 09:46:46 [4146415424]: Hash table: Not Expanding the size of Bucket from 256
    ERROR     Mar 19 09:46:46 [4146415424]: Hash table: Not Expanding the size of Bucket from 256
    ERROR     [CRFORMATTER] Mar 19 09:46:46 [4146415424]: crformatter_parse_conffile: parsing successfull
    ERROR     Mar 19 09:46:46 [4146415424]: handle_accept: write() failed during handshake: Broken pipe
    ERROR     Mar 19 09:46:46 [4146415424]: handle_accept: write() failed during handshake: Broken pipe
    nvram_get failed with -12
    ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.supp8x5' failed
    ERROR     Mar 19 09:46:47 [4140346176]: who_was_it: 'nvram get mod.supp8x5' terminated with exit code 244
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed for 'supp8x5'
    nvram_get failed with -12
    ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.24x7' failed
    ERROR     Mar 19 09:46:47 [4140346176]: who_was_it: 'nvram get mod.24x7' terminated with exit code 244
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed '24x7'
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_support_license: Invalid support status found
    nvram_get failed with -12
    ERROR     Mar 19 09:46:53 [4140346176]: read_reg_info: 'nvram get mod.webfilter' failed
    ERROR     Mar 19 09:46:53 [4140346176]: who_was_it: 'nvram get mod.webfilter' terminated with exit code 244
    ERROR     Mar 19 09:46:53 [4140346176]: snmp_av_license: read_reg_info failed

    IP:-127.0.0.1:6061,data:select count(*) from tblliveuser
    nvram_get failed with -12

Reply
  • 0 in reply to FormerMember

    i now found out, that reporting starts working, when i disable snmp.

    i found these lines in the garner.log, which made me disabling snmp (which i would still need for reporting). Any hints on that ?

    ERROR     Mar 19 09:46:46 [4146415424]: Hash table: Not Expanding the size of Bucket from 256
    ERROR     Mar 19 09:46:46 [4146415424]: Hash table: Not Expanding the size of Bucket from 256
    ERROR     [CRFORMATTER] Mar 19 09:46:46 [4146415424]: crformatter_parse_conffile: parsing successfull
    ERROR     Mar 19 09:46:46 [4146415424]: handle_accept: write() failed during handshake: Broken pipe
    ERROR     Mar 19 09:46:46 [4146415424]: handle_accept: write() failed during handshake: Broken pipe
    nvram_get failed with -12
    ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.supp8x5' failed
    ERROR     Mar 19 09:46:47 [4140346176]: who_was_it: 'nvram get mod.supp8x5' terminated with exit code 244
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed for 'supp8x5'
    nvram_get failed with -12
    ERROR     Mar 19 09:46:47 [4140346176]: read_reg_info: 'nvram get mod.24x7' failed
    ERROR     Mar 19 09:46:47 [4140346176]: who_was_it: 'nvram get mod.24x7' terminated with exit code 244
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_av_license: read_reg_info failed '24x7'
    ERROR     Mar 19 09:46:47 [4140346176]: snmp_support_license: Invalid support status found
    nvram_get failed with -12
    ERROR     Mar 19 09:46:53 [4140346176]: read_reg_info: 'nvram get mod.webfilter' failed
    ERROR     Mar 19 09:46:53 [4140346176]: who_was_it: 'nvram get mod.webfilter' terminated with exit code 244
    ERROR     Mar 19 09:46:53 [4140346176]: snmp_av_license: read_reg_info failed

    IP:-127.0.0.1:6061,data:select count(*) from tblliveuser
    nvram_get failed with -12

Children
No Data