On a fairly new installation, users are reporting that sometimes they are getting "page could not be displayed" errors when browsing. It happens randomly and not on any specific site. When it happens on the one site they do use often though, it breaks the web application they are using and often results in the browser going to 100% CPU. Users are very unhappy when this happens.
On SG I would start investigating by going to /var/log/http.log and looking there to get a handle on what is happening (eg are the requests hitting the UTM and the UTM is reporting an error? or maybe the browser is failing to connect to the UTM at all? etc), but there doesn't seem to be this sort of information available on the XG.
I set up zabbix to just hit google.com every 5 seconds (get the page at http://google.com and confirm that the result looks roughly like google home page) and it flagged a failure at 12:49 today. I ran a Custom Web Report for that period and it shows no hits at all for 20 seconds. Either side of that 20 second gap it is getting pages every 5 seconds. So I guess that's something - as far as the web engine is concerned, requests are not hitting the sophos. That report doesn't tell me anything else about the other requests though, eg what was the HTTP status, how long did the request take, etc.
What other reports could I run or logfiles could I view to tell me this info? Is the data stored in a database somewhere that I can query? Is the data stored at all??
Thanks
James
This thread was automatically locked due to age.