Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 763 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophox XG v17.5.12 Accessing logs older than 6 hours

Marty Johnson

Hi,

We are trying to access logs through the log viewer older than what is visible in there. We can see the data in the reports but that doesn't have detailed information. I have grep'd the /log/ directory for things that I can see in the log viewer I can't find them. I was wondering if there is a way to access the internal postgres reporting server? I tried connecting to it but I'm assuming it needs some credentials but I can't find anything on the web. Thanks.



This thread was automatically locked due to age.
  • 0

    Just keep scrolling. The performance will depend on your model XG. All the one series are quite slow.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    Yep, I kept scrolling right to the end. It may be that I've reached the limit of the logs but I kept scrolling until it hard stopped (no movement for a while). Really looking to find access to the data source. Cheers.

  • 0

    You have the /log/ and the Postgres Database of Logviewer.

    If both does not cover the data, i highly recommend to implement Sophos Central Firewall Reporting or a Syslog Server, as the appliance does not cover all log files on your appliance. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Sometimes the logviewer just does'nt load old data. Have seen this between two months like there was a soft limit so that it didn't load old data.

    how to extract that data from postgres db? just pushing to central logging does'nt seem fair. Sometimes we're lost here.

  • 0

    Hello Marty,

    Thank you for contacting the Sophos Community!

    Adding to all the tips that have been mentioned here, there are some logs with an extension .0 for example strongswan.log might have strongswan.log.0 you can also open this and you fill find logs older, but this also rotates as the main log fills up! 

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.