Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 9649 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Consistent Reboots on Sophos XG Firewall

Devin Ortner

I recently replaced my old CR15 Cyberoam firewall with a Sophos XG home firewall on hardware. The XG firewall consistently reboots 3 times per day. Once between 6am and 10am, again between 12pm and 2pm and again between 7pm and 10 pm. This has been happening every day for a week and I haven't been able to figure out why. Due to the firewall's logs getting lost on reboot, I setup a virtual machine running an iView2 free trial, and setup the XG to send it's logs to the iView server. That didn't help any, nothing was logged to the iView server when it rebooted, so that makes me think that it is a harder crash than I thought. Next I logged in over SSH to the system and got into the advanced console and tailed "/var/tslog/syslog.log" and logged it to my putty session. I have added the output below, I'm seeing a lot of the daemon.info init lines and they show the wrong time. The firewall rebooted at 9:49, does the logfile I've attached make sense to anyone? I see the pid number for the /bin/login line is increasing. Thanks for any help.

My hardware: MiniPC chassis, quad-core celeron-based intel CPU 1.9ghz, 8gb of RAM, 4 NIC ports, 32gb SSD.
EDIT: I have done a little more research and it seems like these errors from trying to start the shell on /dev/ttyS0 are coming from BusyBox and I think it is happening because I don't have a serial port on my MiniPC. I looked in the Bios and I don't even see settings for one. I haven't taken it apart yet to look for a port on the board, but I'm starting to think that even if I did take it apart I probably wont find any headers for a Serial Port. Just giving an update to add more details to the situation.  I found a few solutions where people modified the /etc/init.orig line and the sophos has /etc/sysinit_original. I took a look at the file and didn't find anything like any of the solutions I found online. I found on place where it creates a symlink to /dev/ttyS0 though, however I haven't tested changing it yet. 

Oct 23 13:49:04 (none) daemon.info init: process '/bin/login' (pid 3087) exited. Scheduling for restart.
Oct 23 13:49:04 (none) daemon.info init: starting pid 3092, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:05 (none) daemon.info init: process '/bin/login' (pid 3092) exited. Scheduling for restart.
Oct 23 13:49:05 (none) daemon.info init: starting pid 3096, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:05 (none) local0.info [ctipd][2586]: CEnginesContainer::UpdateSettings() - Updating
Oct 23 09:49:05 (none) local0.info [ctipd][2586]: CEnginesContainer::UpdateSettings() - Updating
Oct 23 09:49:05 (none) local0.err [ctipd][2586]: CIpRepCache::Load() - Can't open file /tmp/ctipd.cache...
Oct 23 09:49:05 (none) local0.err [ctipd][2586]: CIpRepCache::Load() - Can't open file /tmp/ctipd.cache_v6...
Oct 23 09:49:05 (none) local0.err [ctipd][2586]: Counters - can't open cache file /tmp/ctipd.DM_counters
Oct 23 09:49:05 (none) local0.err [ctipd][2586]: Counters - can't open cache file /tmp/ctipd.DM_counters_v6
Oct 23 09:49:05 (none) local0.info [ctipd][2586]: UDP server listening on port 5685
Oct 23 09:49:05 (none) local0.info [ctipd][2586]: RBL server listening on port 65005
Oct 23 09:49:05 (none) local0.info [ctipd][2586]: Ready
Oct 23 13:49:06 (none) daemon.info init: process '/bin/login' (pid 3096) exited. Scheduling for restart.
Oct 23 13:49:06 (none) daemon.info init: starting pid 3118, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:07 (none) daemon.info init: process '/bin/login' (pid 3118) exited. Scheduling for restart.
Oct 23 13:49:07 (none) daemon.info init: starting pid 3136, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:08 (none) daemon.info init: process '/bin/login' (pid 3136) exited. Scheduling for restart.
Oct 23 13:49:08 (none) daemon.info init: starting pid 3145, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:09 (none) local0.info ctasd[3006]: Synchronize proactive patterns...
Oct 23 13:49:09 (none) daemon.info init: process '/bin/login' (pid 3145) exited. Scheduling for restart.
Oct 23 13:49:09 (none) daemon.info init: starting pid 3146, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:09 (none) local0.info ctasd[3018]: Synchronize proactive patterns...
Oct 23 13:49:10 (none) daemon.info init: process '/bin/login' (pid 3146) exited. Scheduling for restart.
Oct 23 13:49:10 (none) daemon.info init: starting pid 3180, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:10 (none) user.warn kernel: [  105.039184] htb: headprio qdisc FFFD: is non-work-conserving?
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Synchronize patterns finished
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Load cache...
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Load senderId lists
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Load cache finished
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Load senderId lists finished
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Http server listening on port 8089
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Spamd server listening on port 7831
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Stat server is disabled
Oct 23 09:49:10 (none) local0.info ctasd[3006]: Ready
Oct 23 13:49:11 (none) daemon.info init: process '/bin/login' (pid 3180) exited. Scheduling for restart.
Oct 23 13:49:11 (none) daemon.info init: starting pid 3213, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Synchronize patterns finished
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Load cache...
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Load cache finished
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Http server listening on port 8088
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Spamd server listening on port 7830
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Stat server is disabled
Oct 23 09:49:11 (none) local0.info ctasd[3018]: Ready
Oct 23 13:49:12 (none) daemon.info init: process '/bin/login' (pid 3213) exited. Scheduling for restart.
Oct 23 13:49:12 (none) daemon.info init: starting pid 3266, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:12 (none) user.err kernel: [  106.848338] 544:appdev_open:dev open 0 1d
Oct 23 09:49:12 (none) user.err kernel: [  106.848345] 565:appdev_open:dev open 1
Oct 23 09:49:12 (none) user.err kernel: [  106.848359] 629:appdev_ioctl:dev size 528384
Oct 23 09:49:12 (none) user.err kernel: [  106.848390] 841:appdev_mmap:start size 528384
Oct 23 09:49:12 (none) user.err kernel: [  106.848406] 817:appdev_vma_open:size 528384
Oct 23 13:49:13 (none) daemon.info init: process '/bin/login' (pid 3266) exited. Scheduling for restart.
Oct 23 13:49:13 (none) daemon.info init: starting pid 3279, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:14 (none) daemon.info init: process '/bin/login' (pid 3279) exited. Scheduling for restart.
Oct 23 13:49:14 (none) daemon.info init: starting pid 3429, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:15 (none) daemon.info init: process '/bin/login' (pid 3429) exited. Scheduling for restart.
Oct 23 13:49:15 (none) daemon.info init: starting pid 3451, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:15 (none) user.err ipsec: User name NULL in vpn sso request
Oct 23 13:49:16 (none) daemon.info init: process '/bin/login' (pid 3451) exited. Scheduling for restart.
Oct 23 13:49:16 (none) daemon.info init: starting pid 3493, tty '/dev/ttyS0': '/bin/login'
Oct 23 09:49:16 (none) user.err kernel: [  111.415222] 544:appdev_open:dev open 1 1f
Oct 23 09:49:16 (none) user.err kernel: [  111.415228] 565:appdev_open:dev open 3
Oct 23 09:49:16 (none) user.err kernel: [  111.415285] 505:appdev_write:count 10  buff U 1,ACCEPT
Oct 23 09:49:16 (none) user.err kernel: [  111.415288] 520:appdev_write:ptr U 1,ACCEPT
Oct 23 09:49:16 (none) user.err kernel: [  111.415291] 78:appfiltermap_adt_parser: buff U 1,ACCEPT
Oct 23 09:49:16 (none) user.err kernel: [  111.415296] 527:appdev_write:count 10
Oct 23 09:49:16 (none) user.err kernel: [  111.415304] 573:appdev_release:dev open 3
Oct 23 09:49:16 (none) user.err kernel: [  111.415307] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:16 (none) user.err kernel: [  111.415310] 589:appdev_release:dev open 0
Oct 23 09:49:16 (none) user.err kernel: [  111.415339] 544:appdev_open:dev open 0 1f
Oct 23 09:49:16 (none) user.err kernel: [  111.415343] 565:appdev_open:dev open 3
Oct 23 09:49:16 (none) user.err kernel: [  111.415364] 505:appdev_write:count 8  buff U 2,DROP
Oct 23 09:49:16 (none) user.err kernel: [  111.415368] 520:appdev_write:ptr U 2,DROP
Oct 23 09:49:16 (none) user.err kernel: [  111.415370] 78:appfiltermap_adt_parser: buff U 2,DROP
Oct 23 09:49:16 (none) user.err kernel: [  111.415374] 527:appdev_write:count 8
Oct 23 09:49:16 (none) user.err kernel: [  111.415378] 573:appdev_release:dev open 3
Oct 23 09:49:16 (none) user.err kernel: [  111.415381] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:16 (none) user.err kernel: [  111.415384] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.422320] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.422327] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.422381] 505:appdev_write:count 10  buff U 1,ACCEPT
Oct 23 09:49:17 (none) user.err kernel: [  111.422385] 520:appdev_write:ptr U 1,ACCEPT
Oct 23 09:49:17 (none) user.err kernel: [  111.422388] 78:appfiltermap_adt_parser: buff U 1,ACCEPT
Oct 23 09:49:17 (none) user.err kernel: [  111.422393] 527:appdev_write:count 10
Oct 23 09:49:17 (none) user.err kernel: [  111.422401] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.422404] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.422407] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.422435] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.422438] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.422459] 505:appdev_write:count 8  buff U 2,DROP
Oct 23 09:49:17 (none) user.err kernel: [  111.422463] 520:appdev_write:ptr U 2,DROP
Oct 23 09:49:17 (none) user.err kernel: [  111.422466] 78:appfiltermap_adt_parser: buff U 2,DROP
Oct 23 09:49:17 (none) user.err kernel: [  111.422469] 527:appdev_write:count 8
Oct 23 09:49:17 (none) user.err kernel: [  111.422473] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.422477] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.422479] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.424572] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.424578] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.424753] 505:appdev_write:count 7742  buff U 3,ACCEPT,1-2-3-4-5-6-7-8-10-11-12-13-14-21-22-26-27-28-29-30-31-32-33-34-35-36-37-39-40-43-44-45-47-48-49-50-51-52-53-54-56-58-59-60-61-62-63-64-65-66-67-68-69-71-72-73-74-75-76-77-78-79-80-82-84-85-86-87-88-89-90-93-94-107-117-118-119-120-121-122-126-127-128-129-130-131-132-133-134-136-137-138-139-140-141-142-147-148-149-150-151-152-153-154-155-156-158-160-165-166-167-169-173-174-175-176-177-178-179-181-182-185-189-193-194-195-196-197-198-200-201-202-203-204-205-206-208-209-210-212-213-214-215-216-217-218-219-220-221-222-225-226-227-229-230-236-238-239-240-241-242-243-244-245-247-248-250-251-252-253-254-255-256-257-258-261-262-263-264-265-267-268-270-271-272-273-274-275-276-277-278-279-281-282-284-285-286-287-290-291-293-296-297-299-301-304-305-306-308-309-310-311-313-314-315-316-317-318-319-320-321-322-323-324-325-326-327-328-329-330-331-332-333-334-335-336-337-338-339-340-341-342-343-344-345-346-347-348-350-351-352-353-354-355-
Oct 23 09:49:17 (none) user.err kernel: [  111.424988] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.424991] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.424994] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.426087] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.426093] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.426170] 505:appdev_write:count 1874  buff U 4,ACCEPT,2-4-11-14-15-22-23-24-25-26-28-32-35-38-39-43-44-45-47-51-55-56-57-59-60-61-62-64-69-73-76-79-81-82-83-84-91-93-95-97-98-99-111-112-114-115-117-118-119-121-122-123-124-125-126-127-128-129-130-131-132-133-134-136-137-138-139-140-141-142-143-148-149-151-152-153-154-155-156-159-161-163-165-166-167-168-177-179-180-183-187-188-202-203-204-211-212-215-217-218-219-220-221-228-238-239-240-241-242-243-261-262-263-266-269-270-273-275-282-283-285-287-288-290-292-293-301-303-304-306-308-310-312-316-318-319-320-322-331-333-334-335-336-337-338-339-340-341-342-343-344-345-346-347-348-349-350-351-352-354-355-356-357-358-359-361-362-363-364-365-366-368-369-370-371-372-373-374-375-376-377-378-383-387-390-405-406-407-409-410-411-413-414-416-417-419-420-421-422-492-493-495-499-523-529-533-534-537-538-540-544-546-547-550-553-555-559-561-562-563-564-609-639-640-647-648-649-651-652-653-654-657-658-659-660-661-662-664-666-667-668-669-670-671-672
Oct 23 09:49:17 (none) user.err kernel: [  111.426248] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.426252] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.426254] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.427084] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.427089] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.427131] 505:appdev_write:count 210  buff U 5,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.427137] 520:appdev_write:ptr U 5,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.427141] 78:appfiltermap_adt_parser: buff U 5,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.427161] 527:appdev_write:count 210
Oct 23 09:49:17 (none) user.err kernel: [  111.427167] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.427170] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.427173] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.428919] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.428925] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.428967] 505:appdev_write:count 322  buff U 6,ACCEPT,13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-204-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-1046-2023-2188-2192-2197-2217-2219-2238-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470
Oct 23 09:49:17 (none) user.err kernel: [  111.428973] 520:appdev_write:ptr U 6,ACCEPT,13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-204-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-1046-2023-2188-2192-2197-2217-2219-2238-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470
Oct 23 09:49:17 (none) user.err kernel: [  111.428979] 78:appfiltermap_adt_parser: buff U 6,ACCEPT,13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-204-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-1046-2023-2188-2192-2197-2217-2219-2238-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470
Oct 23 09:49:17 (none) user.err kernel: [  111.428990] 527:appdev_write:count 322
Oct 23 09:49:17 (none) user.err kernel: [  111.428995] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.428998] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.429001] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.436222] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.436228] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.436422] 505:appdev_write:count 7742  buff U 3,ACCEPT,1-2-3-4-5-6-7-8-10-11-12-13-14-21-22-26-27-28-29-30-31-32-33-34-35-36-37-39-40-43-44-45-47-48-49-50-51-52-53-54-56-58-59-60-61-62-63-64-65-66-67-68-69-71-72-73-74-75-76-77-78-79-80-82-84-85-86-87-88-89-90-93-94-107-117-118-119-120-121-122-126-127-128-129-130-131-132-133-134-136-137-138-139-140-141-142-147-148-149-150-151-152-153-154-155-156-158-160-165-166-167-169-173-174-175-176-177-178-179-181-182-185-189-193-194-195-196-197-198-200-201-202-203-204-205-206-208-209-210-212-213-214-215-216-217-218-219-220-221-222-225-226-227-229-230-236-238-239-240-241-242-243-244-245-247-248-250-251-252-253-254-255-256-257-258-261-262-263-264-265-267-268-270-271-272-273-274-275-276-277-278-279-281-282-284-285-286-287-290-291-293-296-297-299-301-304-305-306-308-309-310-311-313-314-315-316-317-318-319-320-321-322-323-324-325-326-327-328-329-330-331-332-333-334-335-336-337-338-339-340-341-342-343-344-345-346-347-348-350-351-352-353-354-355-
Oct 23 09:49:17 (none) user.err kernel: [  111.436656] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.436660] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.436663] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.442868] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.442874] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.442933] 505:appdev_write:count 1459  buff U 7,ACCEPT,3-5-6-10-11-12-13-21-26-27-31-32-34-37-39-40-43-44-45-47-49-50-51-54-59-60-62-63-64-66-67-71-76-77-79-80-84-85-86-93-107-117-119-120-121-122-126-127-128-129-130-131-132-136-137-138-141-150-151-153-154-155-158-165-166-167-169-175-176-177-178-185-189-193-194-195-196-197-200-201-203-204-208-209-210-212-213-216-218-222-225-226-227-229-230-236-238-239-240-241-242-243-244-245-247-248-250-251-252-253-254-255-256-257-258-261-262-263-265-267-268-270-271-272-273-274-275-276-277-278-279-281-284-285-286-287-290-291-293-296-297-299-301-304-305-306-308-310-316-319-321-322-323-324-327-328-329-330-339-340-341-342-343-344-347-350-351-352-359-360-364-367-370-371-372-373-374-375-387-403-404-407-415-420-421-452-493-495-527-530-543-546-547-548-553-556-557-559-560-561-562-609-640-643-644-648-655-657-658-660-661-665-671-674-675-676-681-682-683-684-685-686-687-688-689-690-691-692-693-694-695-696-698-700-703-714-718-719-720-721-724-726-727-795-79
Oct 23 09:49:17 (none) user.err kernel: [  111.443001] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.443004] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.443007] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.443968] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.443974] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.444032] 505:appdev_write:count 1874  buff U 4,ACCEPT,2-4-11-14-15-22-23-24-25-26-28-32-35-38-39-43-44-45-47-51-55-56-57-59-60-61-62-64-69-73-76-79-81-82-83-84-91-93-95-97-98-99-111-112-114-115-117-118-119-121-122-123-124-125-126-127-128-129-130-131-132-133-134-136-137-138-139-140-141-142-143-148-149-151-152-153-154-155-156-159-161-163-165-166-167-168-177-179-180-183-187-188-202-203-204-211-212-215-217-218-219-220-221-228-238-239-240-241-242-243-261-262-263-266-269-270-273-275-282-283-285-287-288-290-292-293-301-303-304-306-308-310-312-316-318-319-320-322-331-333-334-335-336-337-338-339-340-341-342-343-344-345-346-347-348-349-350-351-352-354-355-356-357-358-359-361-362-363-364-365-366-368-369-370-371-372-373-374-375-376-377-378-383-387-390-405-406-407-409-410-411-413-414-416-417-419-420-421-422-492-493-495-499-523-529-533-534-537-538-540-544-546-547-550-553-555-559-561-562-563-564-609-639-640-647-648-649-651-652-653-654-657-658-659-660-661-662-664-666-667-668-669-670-671-672
Oct 23 09:49:17 (none) user.err kernel: [  111.444111] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.444114] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.444117] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.445238] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.445245] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.445317] 505:appdev_write:count 210  buff U 8,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.445322] 520:appdev_write:ptr U 8,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.445327] 78:appfiltermap_adt_parser: buff U 8,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.445336] 527:appdev_write:count 210
Oct 23 09:49:17 (none) user.err kernel: [  111.445342] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.445345] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.445348] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.454878] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.454886] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.454938] 505:appdev_write:count 210  buff U 5,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.454943] 520:appdev_write:ptr U 5,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.454948] 78:appfiltermap_adt_parser: buff U 5,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.454957] 527:appdev_write:count 210
Oct 23 09:49:17 (none) user.err kernel: [  111.454963] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.454966] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.454969] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.455883] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.455889] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.455934] 505:appdev_write:count 322  buff U 6,ACCEPT,13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-204-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-1046-2023-2188-2192-2197-2217-2219-2238-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470
Oct 23 09:49:17 (none) user.err kernel: [  111.455940] 520:appdev_write:ptr U 6,ACCEPT,13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-204-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-1046-2023-2188-2192-2197-2217-2219-2238-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470
Oct 23 09:49:17 (none) user.err kernel: [  111.455946] 78:appfiltermap_adt_parser: buff U 6,ACCEPT,13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-204-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-1046-2023-2188-2192-2197-2217-2219-2238-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470
Oct 23 09:49:17 (none) user.err kernel: [  111.455957] 527:appdev_write:count 322
Oct 23 09:49:17 (none) user.err kernel: [  111.455962] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.455966] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.455968] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.456922] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.456928] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.456982] 505:appdev_write:count 1459  buff U 7,ACCEPT,3-5-6-10-11-12-13-21-26-27-31-32-34-37-39-40-43-44-45-47-49-50-51-54-59-60-62-63-64-66-67-71-76-77-79-80-84-85-86-93-107-117-119-120-121-122-126-127-128-129-130-131-132-136-137-138-141-150-151-153-154-155-158-165-166-167-169-175-176-177-178-185-189-193-194-195-196-197-200-201-203-204-208-209-210-212-213-216-218-222-225-226-227-229-230-236-238-239-240-241-242-243-244-245-247-248-250-251-252-253-254-255-256-257-258-261-262-263-265-267-268-270-271-272-273-274-275-276-277-278-279-281-284-285-286-287-290-291-293-296-297-299-301-304-305-306-308-310-316-319-321-322-323-324-327-328-329-330-339-340-341-342-343-344-347-350-351-352-359-360-364-367-370-371-372-373-374-375-387-403-404-407-415-420-421-452-493-495-527-530-543-546-547-548-553-556-557-559-560-561-562-609-640-643-644-648-655-657-658-660-661-665-671-674-675-676-681-682-683-684-685-686-687-688-689-690-691-692-693-694-695-696-698-700-703-714-718-719-720-721-724-726-727-795-79
Oct 23 09:49:17 (none) user.err kernel: [  111.457048] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.457051] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.457054] 589:appdev_release:dev open 0
Oct 23 09:49:17 (none) user.err kernel: [  111.457874] 544:appdev_open:dev open 0 1f
Oct 23 09:49:17 (none) user.err kernel: [  111.457879] 565:appdev_open:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.457919] 505:appdev_write:count 210  buff U 8,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.457924] 520:appdev_write:ptr U 8,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.457928] 78:appfiltermap_adt_parser: buff U 8,ACCEPT,12-13-27-31-37-49-50-63-66-77-80-107-175-176-201-216-227-229-230-245-250-251-252-253-254-255-256-257-270-284-291-299-305-543-548-553-557-643-644-676-1420-1421-1422-1423-1424-1425-1694-2003-2147-2152
Oct 23 09:49:17 (none) user.err kernel: [  111.457938] 527:appdev_write:count 210
Oct 23 09:49:17 (none) user.err kernel: [  111.457943] 573:appdev_release:dev open 3
Oct 23 09:49:17 (none) user.err kernel: [  111.457946] 586:appdev_release:counter 8 size 1022
Oct 23 09:49:17 (none) user.err kernel: [  111.457949] 589:appdev_release:dev open 0
Oct 23 13:49:17 (none) daemon.info init: process '/bin/login' (pid 3493) exited. Scheduling for restart.
Oct 23 13:49:17 (none) daemon.info init: starting pid 3573, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:18 (none) daemon.info init: process '/bin/login' (pid 3573) exited. Scheduling for restart.
Oct 23 13:49:18 (none) daemon.info init: starting pid 3644, tty '/dev/ttyS0': '/bin/login'
Oct 23 13:49:19 (none) daemon.info init: process '/bin/login' (pid 3644) exited. Scheduling for restart.


This thread was automatically locked due to age.
  • 0

    Devin,

    how did you upgrade to XG? I mean, did you reinstall XG from scratch using an ISO image or did you use the in-place upgrade firmware available from Web Interface?

    I think that the second option is not possible, because your HW is not supported to run XG as described on this link:

    https://community.sophos.com/kb/en-us/122869#CyberoamAppliances

    Thanks

  • 0 in reply to lferrara

    I didn't upgrade the software on a Cyberoam. I replaced the Cyberoam Appliance Hardware with a new piece of Hardware I purchased and installed Sophos XG on that using an ISO I downloaded from the Sophos webpage. I went into the BIOS and changed a few settings with how it worked with the SATA SSD and also enabled Virtualization support (not sure it really makes a difference but I changed it so I'm mentioning it). 

    Now the Appliance is no longer rebooting, it has been up for almost 9 Days straight, however I'm seeing packet loss, and am still getting pages and pages of the logs I posted a portion of earlier about the /bin/login on /dev/ttyS0 the main reason for being in the BIOS was to look to see if there was a disabled COM port or something, but no such luck. It appears I do not have a COM port on this system, probably the cause of the log messages I'm getting. Is anyone aware of a fix for this? I really don't like the clutter in my logs. 

    I'm also wondering if anyone has a suggested way to test for packet loss on the device itself. I'm currently using a LAN bridge I configured using two of the spare ports on my device and having ostinado send streams of packets to the another host running Wireshark. 

  • 0 in reply to Devin Ortner

    Devin,

    For the ttys0, I think that the error is due to fact that you do it have a serial port and I do not know if there is a way to disable the process that requires it. Let see if @sachingurung has an idea.

    For tracking packet, connect to XG using cli -> option 4 and you have tcpdump utility.

    You can find all the switches used by tcpdump from command line guide:

    Thanks

  • 0 in reply to lferrara

    Hello Devin,

    As Luk suggested, ttyS0 is the serial port which was seeming to be an issue. you might have enabled the COM port on the BIOS and it has stopped rebooting. 

    Regarding packet loss, there could be a couple of reasons since you are using a custom hardware - P.S. by custom hardware I mean - Hardware that is not provided by Sophos.

    1. Neogtiation problems - Please set the firewall rules to allow all the traffic and observe the drops on the interface (Console> show network interfaces) - keep monitoring the interface for number of errors in TX-RX packets.

    2. NIC make and model - could be another issue if the NIC card drivers are a problem. Try using a generic NIC, or change the NIC to another one.

    3. Try different negotiations (10M HD, 10M FD, 100M HD, 100M FD, 1000 HD, 1000FD) and see if makes a difference.

    Please share your observations.

    Regards,

  • 0 in reply to varunparikh

    I did not enable the Serial port in the BIOS, there is no setting in my BIOS for the Serial Port, I was in the BIOS looking for a setting for that. If there is a process I can disable or something to fix that /dev/ttyS0 error it would be very helpful. 

    As far as packet loss, I just set it to 1000M FD this morning so I'll see how that goes, it was auto-negotiating those settings anyway.

    If I'm still seeing issues, I am going to try putting my Cyberoam hardware back in, just to verify that it is not my ISP causing the problems. 

  • 0 in reply to Devin Ortner

    HI Devin, 

    While setting the negotiation speed of the interface. You may check if there is any change in the error on the link . To check the errors you may go to SSH and select option 4 Console

    Console > Sh net interfaces  

    You may also check in bandwidth monitor and toggle with 'u'

    Check the Error on the interface and set the one which does not change the error .

    Thanks and Regards

    Aditya Patel