
Issue with my SOPHOS XG 310 Network Connection sudden restart

Hi to all Sophos Specialist,

Good day.

I would like to report the issue I encountered yesterday with my enterprise firewall. During the middle of the night our internet connection got lost. Upon checking further I found there was no issue with our primary and backup ISP (Internet Service Provider) connection. I tried to dig deeper and found out that the firewall restarted. But the only evidence I was able to collect is the screenshot of the system graph of our internet port. Also the outage only took around 5 min. Since restarting a Sophos XG310 firewall normally takes around 10 min to 15 min depending on the scenario.

Now my question is where can I find the logs showing if the firewall did a restart? Can I also know what is causing this internet outage? Has anyone encountered this kind of issue? Please check the screenshot below for more details.

Please advise.

Thanks

Rodney



  • FormerMember
    0 FormerMember

    Hey Rodney, Thanks for reaching out to Sophos Community.

    Initially, you can start by checking the reboot events on the firewall. Most events can be found through "Log viewer > System"

    If you want to check from the CLI, then take SSH and navigate to Option 5 > Option 3 Advanced shell. Run the command -> grep -i 'busybox' /log/syslog.log. 

    Each occurrence of a busybox starting event indicates that the firewall was booted. Basically, the busybox service was initialized during the boot.

    Once you get the time when the device was rebooted, check these logs (available in the /log directory) before the time of the restart event: applog.log | csc.log | syslog.log.

    Check if there's any coredump by running the command --> ls -lah /var/cores/. 

    You can post the logs here or share them via DM if you want.

  • Hi DeveshM,

    Upon checking the CLI, here is what I found out.

    Can I ask how I can check the applog.logs?

    Thanks

    Rodney

  • FormerMember
    0 FormerMember in reply to Rodney Altamera

    Hey Rodney, applog.log is available in /log so the path is /log/applog.log.

    You can use 'less' to open the file, search for the reboot time and check the logs above it. You can also do the same for syslog.log.

    Feel free to drop a DM to share the log file or post it here in the thread :) 
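
Added example (not part of either reply and not Sophos code): the procedure from the two replies above, finding each boot marker and reading what was logged just before it, written as a shell function. The 'busybox' marker comes from the replies; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: every boot leaves a line
# containing "busybox" in the syslog file, as the reply above describes.

# count_boots FILE: number of boot marker lines in FILE.
count_boots() {
    grep -ic 'busybox' "$1"
}

# pre_boot_context FILE [N]: for each boot marker, print the N lines
# (default 5) logged immediately before it, then the marker itself.
pre_boot_context() {
    awk -v n="${2:-5}" '
        BEGIN { if (n < 1) n = 1 }
        tolower($0) ~ /busybox/ {
            boots++
            printf "---- boot %d at line %d ----\n", boots, NR
            first = (count > n) ? count - n + 1 : 1
            for (i = first; i <= count; i++) print "  " buf[i % n]
            print "BOOT> " $0
            count = 0          # start a fresh window for the next boot
            next
        }
        { count++; buf[count % n] = $0 }   # ring buffer of the last n lines
    ' "$1"
}

# write_sample_log FILE: constructed sample; the line format is illustrative
# only and is not real firewall output.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 01:58:02 fw kernel: sample message A
Jan 10 01:59:40 fw daemon: sample message B
Jan 10 02:00:11 fw kernel: sample message C (last line before restart)
Jan 10 02:03:27 fw syslogd started: BusyBox (constructed boot marker)
Jan 10 02:03:30 fw daemon: sample message D
Jan 10 09:15:00 fw daemon: sample message E
EOF
}

# Demo on the constructed sample: show the 2 lines before the boot marker.
sample=$(mktemp)
write_sample_log "$sample"
pre_boot_context "$sample" 2
rm -f "$sample"
```

On the firewall's advanced shell the call would be pre_boot_context /log/syslog.log 20, assuming awk is available there; the same function works on applog.log and csc.log once they contain the marker line or are read around the timestamp it reports.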

  • Hi DaveshM,

    Here is the screenshot for the syslogs. I am just confused about what is causing these sudden restarts of the firewall.

    And here are the logs for applog:

    Thanks

    Rodney
