Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 95 replies
  • Subscribers 47 subscribers
  • Views 69318 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"

Deepak Verma

Sophos XG firewall is offering on Device Reporting and logs, which is a good feature for all SMBs. There is another module "Sophos iView" available for logs and reporting but it is good for some critical organization or big data Center who need a lot of logs, reports, and backup of all those.   

Recently, I faced an issue as there is no log showing on the GUI "Log Viewer" but you will see all logs through the command line or some new logs on the auxiliary device but not on the primary devices (new logs not updating). This issue is reported on a virtual and hardware firewall as well. Today I am going to share how to handle this issue without book a ticket with the NOC team.

 

Issue Reported:

Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:

Please read a full blog post at:

http://www.routexp.com/2019/04/sophos-xg-firewall-175-logs-are-not.html



This thread was automatically locked due to age.
  • 0 in reply to rfcat_vk

    Can't see any changes in mine.

     

    My issue is when Garner fails it can't identify users so all my web policies become useless as they flow out the last rule :-(

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • 0 in reply to M8ey

    I don't have that issue I suspect because I am using clientless users.

    Strange since I wrote the original message the bad behaviour has returned.

    Ian

    Update:- I was wrong with the clientless answer bit, the daily reports are now missing the user  (clientless) traffic count.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Broken again today.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    XG125,XG105 / SFOS 17.5.6 MR6 - event logging is blocked every now and then. It is necessary to restart the "garner service" or device. It seems that Sophos did not remove in the new version (MR6) almost any errors signaled for months on the forum (log, notifications, DHCP, etc).

    Regards
    Jan

  • 0

    Garner is crashing about every 3-4 days on my XG450 and using MR-6

    Do we know what is actually causing the crash of Garner?

     

    Bit of a pain in the butt :-(

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • 0

    This is very frustrating, we experience the issue for over the month now and have been promised to be fixed in MR6, and the issue is still present with no timeline when it will be fixed.

    We are new Sophos customer and I'm slowly regretting that we switched to Sophos. All three firewalls we did purchase (2 XG 230 and 1 XG 310) did suffer with this issue from very begging of implementation and from cyber security and audit point of view this is unacceptable and shocking. How can they accept such a fundamental issue and do nothing about it - this should be highest priority for them right now!

  • 0 in reply to M8ey

    Soon as I turn on the following 2 settings it will crash after a few days. This is on MR5. I have not had chance to try this on MR6.

    If I turn them off and then restart services all is fine.

     

    Administration > Notification settings

    IPsec tunnel up/down

    Email alert notifications

  • 0 in reply to SPY3

    SPY3 said:
    Email alert notifications

     

    Cool - I will turn them off and see if it stops the crash in MR-6

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • 0 in reply to M8ey

    Email notification have stop working randomly here. Since MR5 ( or maybe MR4)

    Paul Jr

  • 0 in reply to rfcat_vk

     Restart Garner Service:  Login to XG Console> Select Option 5 Device Management> Select Option 3 Advanced Shell

    Execute the following command: service garner:restart -ds nosync

Cookie Information Banner