Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 26 subscribers
  • Views 834 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OSQuery Dead - SFOS 19.5.0 GA-Build197

John Groller

Hello Sophos Community!

Home user with a custom Supermicro build for Sophos Firewall.  It's an X10SLL-F with 8GB Hynix, and an E3-1220 v3, soon to be replaced with an E3-1265L v3.

It's a fresh install and upgrade to the latest firmware.  A few minutes after booting, I am alerted that the service "osquery" is "DEAD".

I found this but it's not quite the same:  Bug - OSquery service stopped 

One final note, I have not yet registered this install with a serial number yet... if that could be at all related.  Any insight would be appreciated!

Thanks,

John



This thread was automatically locked due to age.
Parents
  • 0

    Hello there,

    Thank you for contacting the Sophos Community.

    Can you do the following:

    1. Restart your Device and check if the service remains in Dead status, if the issue persists

    2. What Firmware version were you originally using? (you mentioned you upgraded to the latest Firmware) and run the following commands from the Advanced Shell (5>3) of the Firewall, you will need putty to connect:

    # ls /conf/certificate/internalcerts/

    # ls /conf/certificate/internalcas/

    Regards

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Thank you for your reply!

    When I reboot, the service appears to start successfully.  I get no failure alert, and everything is "green".  It fails after a number of minutes.

    The fresh install was using 19.0.1_MR-1-365.  I originally experienced the failure in this firmware and thought that upgrading might fix the issue.  It did not.

    SF01V_SO01_SFOS 19.5.0 GA-Build197# ls /conf/certificate/internalcerts/
    ClientAuthentication_cert.key  ClientAuthentication_cert.pem

    SF01V_SO01_SFOS 19.5.0 GA-Build197# ls /conf/certificate/internalcas/
    ClientAuthentication_CA.der  cloud-ca.crt                 index.txt.attr.old           serial
    ClientAuthentication_CA.key  index.txt                    index.txt.old                serial.old
    ClientAuthentication_CA.pem  index.txt.attr               red-ca.crt

Reply
  • 0 in reply to emmosophos

    Thank you for your reply!

    When I reboot, the service appears to start successfully.  I get no failure alert, and everything is "green".  It fails after a number of minutes.

    The fresh install was using 19.0.1_MR-1-365.  I originally experienced the failure in this firmware and thought that upgrading might fix the issue.  It did not.

    SF01V_SO01_SFOS 19.5.0 GA-Build197# ls /conf/certificate/internalcerts/
    ClientAuthentication_cert.key  ClientAuthentication_cert.pem

    SF01V_SO01_SFOS 19.5.0 GA-Build197# ls /conf/certificate/internalcas/
    ClientAuthentication_CA.der  cloud-ca.crt                 index.txt.attr.old           serial
    ClientAuthentication_CA.key  index.txt                    index.txt.old                serial.old
    ClientAuthentication_CA.pem  index.txt.attr               red-ca.crt

Children
Unfiltered HTML