
Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"

Sophos XG firewall offers on-device reporting and logs, which is a good feature for all SMBs. There is another module, "Sophos iView", available for logs and reporting, but it is good for some critical organizations or big data centers that need a lot of logs, reports, and backups of all those.

Recently, I faced an issue where no logs show on the GUI "Log Viewer", but you will see all logs through the command line, or some new logs on the auxiliary device but not on the primary devices (new logs not updating). This issue is reported on virtual and hardware firewalls as well. Today I am going to share how to handle this issue without booking a ticket with the NOC team.

 

Issue Reported:

Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:

Please read the full blog post at:

http://www.routexp.com/2019/04/sophos-xg-firewall-175-logs-are-not.html



  • Maybe it depends on what kind of issue we are actually facing.

    After checking the output below, they decided to patch it:

    (gdb) bt

    #0  0xf732e471 in poll () from target:/lib/libc.so.6
    #1  0xf72572cf in ?? () from target:/lib/libpq.so.5
    #2  0xf72571b0 in ?? () from target:/lib/libpq.so.5
    #3  0xf725709a in ?? () from target:/lib/libpq.so.5
    #4  0xf7257062 in ?? () from target:/lib/libpq.so.5
    #5  0xf7253457 in PQgetResult () from target:/lib/libpq.so.5
    #6  0xf7253ae1 in ?? () from target:/lib/libpq.so.5
    #7  0xf7253753 in PQexec () from target:/lib/libpq.so.5
    #8  0xf6f99679 in process_pgsql_query (conn_handle=0xa2100a8, query=0xffd65688 "END;", r_set=0x0) at postgres_db.c:585
    #9  0xf6f99a86 in end_transaction (conn_handle=0xa2100a8) at postgres_db.c:701
    #10 0xf6f9a26b in move_table_to_usedqueue (db=0x9e55234, table=0x9e55220) at postgres_db.c:927
    #11 0xf6f943fb in oppostgres_event (handle=0x9ed7f90) at oppostgres.c:477
    #12 0xf6f94253 in oppostgres_output (searray=0xf44de008, nse=1, output_data_list=0xffd667b8, handle=0x9ed7f90) at oppostgres.c:435
    #13 0x08051844 in check_conditions ()
    #14 0x080518e5 in check_conditions ()
    #15 0x080519de in process_std_events ()
    #16 0x08051a71 in ?? ()
    #17 0x08052309 in handle_accept_udp ()
    #18 0x080542b5 in do_epoll ()
    #19 0x08054717 in parent_main ()
    #20 0x080550dc in garner_main ()
    #21 0x08055113 in main ()

  • I would be surprised seeing the issue is temporarily resolved by disabling certain notifications.

    Ian

  • This KB was newly added; it was not there before. I raised this issue on 17-July-2019 and the patch was installed on 19-July-2019 on my device (XG750).

  • Hi,

    There is no improvement on SFOS 17.5.7 MR-7 and, as per the community post, Sophos will fix this issue in release version 18.

  • I would not bet anything on this ...  We are way too far for v18.  The beta has not even been released.

    There will be an MR8. And MR9, etc.

    My two cents.

    Paul Jr.

  • The KBA clearly states:

    https://community.sophos.com/kb/en-us/134173

    Current Status

    This is a known issue, patch is available.

    Affected customers could contact support for installing the patch.

    The issue would be fixed in the next maintenance release v17.5 MR-8.

  • Hello Lucar

    Thanks for answering and helping.

    Are you referring to the general log viewer problem or the more specific one I mentioned on 2019-7-18 8:57 PM (rule 36 not showing)?

    I've raised a case many months ago regarding a very similar issue.  A cleanup rule not showing.  Sophos never solved it.  The nonsense way rule 0 behaves is normal to them.  I toasted many hours on that one too.

    As KB134173, it should not be, but everyone who owns a Sophos XG already knows the command "service garner:restart -ds nosync" by now ...

    Paul Jr 

  • I have a similar problem with the live log viewer.

    No logs are being shown. After a reboot / upgrade last Wednesday to firmware version 17.5.7, the live log viewer worked for 3 hours and then stopped logging again.
    The hard drive has enough space.

     

  • You can try this workaround: just disable mail notification and restart the garner service, then check whether logs and reports are updating or not.