Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 95 replies
  • Subscribers 47 subscribers
  • Views 69210 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"

Deepak Verma

Sophos XG firewall is offering on Device Reporting and logs, which is a good feature for all SMBs. There is another module "Sophos iView" available for logs and reporting but it is good for some critical organization or big data Center who need a lot of logs, reports, and backup of all those.   

Recently, I faced an issue as there is no log showing on the GUI "Log Viewer" but you will see all logs through the command line or some new logs on the auxiliary device but not on the primary devices (new logs not updating). This issue is reported on a virtual and hardware firewall as well. Today I am going to share how to handle this issue without book a ticket with the NOC team.

 

Issue Reported:

Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:

Please read a full blog post at:

http://www.routexp.com/2019/04/sophos-xg-firewall-175-logs-are-not.html



This thread was automatically locked due to age.
Parents
  • 0

    Has anyone had this issue developing into something worse?

    For a few of our Customers where this issue is presenting it quickly/slowly develops into a Garner failure wherein you cannot even access the GUI and struggle to get access to the SSH. The only fix so far is a reboot and in the CSC logs you see a flood of repeated commits and the garner service won't even restart.

    Emile

  • 0 in reply to Emile Belcourt

    The furthest my issue got was no reports or log viewer info, I made a case with sophos and they disable notifications, then restarted garner, since then I have not seen any issues.  Although I have been thinking it might be relevant to take a test workstation and purposefully attempt connections the firewall should block to make sure the logging is accurate.  I did also receive a response from Sophos on 6/25 stating the developers are working on a potential fix for the issue.

    It would be nice to have notifications back, you would also think this is high on Sophos's priority since without logging troubleshooting can be more difficult.

     

  • 0 in reply to Badrobot

    Something happened to my XG overnight and I wasn't responsible. I am missing a couple of items from the daily report which show up in the GUI reports and I am now seeing the XG mail notification sender being correctly identified in the reports.

    Ian

Reply
  • 0 in reply to Badrobot

    Something happened to my XG overnight and I wasn't responsible. I am missing a couple of items from the daily report which show up in the GUI reports and I am now seeing the XG mail notification sender being correctly identified in the reports.

    Ian

Children