
No Security Heartbeat

Hello,

Since the update to SFOS 17.x I have no Security Heartbeat. The control center shows me "0 Connected".

At Sophos Central (cloud.sophos.com) the computer is still there.

I tried to:

a) Clear the Security Heartbeat account registration on the XG Firewall, reboot, and log on with my account again

b) Uninstall the locally installed Endpoint Advanced; delete the PC entry in Sophos Central; reboot the client; install again with no mistakes.

No success, still "0 Connected".

What can I do?

 

I am using:

XG Firewall (SFOS 17.0.1 MR-1) with home user lic.

Endpoint Advanced (with Advanced Lic)



  • Hi all,

    Can you check your appliance logs?

    hbtrust.log and heartbeatd.log in /log/

    Cheers

  • Sure :)

    HB

    2018-01-19 16:38:29 INFO Main.cpp[16681]:219 main - Maximum connected clients: 10000
    2018-01-19 16:38:29 INFO EndpointStorage.cpp[16681]:42 EndpointStorage - Working with persistent endpoint storage
    2018-01-19 16:38:29 INFO EndpointStorage.cpp[16681]:44 EndpointStorage - Calling EndpointStorageBackend::get_all_endpoints
    2018-01-19 16:38:29 INFO Main.cpp[16681]:392 main - Heartbeat daemon running
    2018-01-19 16:38:29 WARN PGDatabaseEngine.cpp[16681]:223 executeSync - no tuples for query GET_APPCACHE_ENTRYS
    2018-01-19 16:38:29 INFO EacEventReader.cpp[16681]:131 start - EacEventReader has been successfully started
    2018-01-19 16:38:29 INFO Main.cpp[16681]:100 dropPrivileges - Privdrop to uid 5 with gid 1007 successful
    2018-01-19 16:38:29 INFO Main.cpp[16681]:103 dropPrivileges - reduced capabilities: effective=net_admin, sys_resource, permitted=net_admin, sys_resource
    2018-01-19 16:38:29 INFO Main.cpp[16681]:173 sendHeartbeatReadyOpcode - heartbeat_ready opcode sent.
    2018-01-19 16:38:29 INFO ModuleEac.cpp[16681]:139 handOverEacState - Send EacSwitchRequest to all directly connected endpoints (state=1)

     

     

    HBtrust

    2018-01-19 16:52:44 INFO Sync.pm[18936]:131 SFOS::HBtrust::Central::Sync::prepare_endpoint_keys - Get fingerprints stored in database
    2018-01-19 16:52:44 INFO Sync.pm[18936]:152 SFOS::HBtrust::Central::Sync::prepare_endpoint_keys - User devices list is empty, nothing to fetch from Central
    2018-01-19 16:52:44 INFO Syncinfo.pm[18936]:45 SFOS::HBtrust::Central::Syncinfo::syncinfo - enabled
    2018-01-19 16:52:44 INFO Syncmissing.pm[18936]:45 SFOS::HBtrust::Central::Syncmissing::syncmissing - Reporting 0 endpoints as missing to Sophos Central
    2018-01-19 16:52:44 INFO Syncmissing.pm[18936]:69 SFOS::HBtrust::Central::Syncmissing::_report_missing_heartbeat - Sending Missing Endpoints to Sophos Central: utm-cloudstation-eu-central-1.prod.hydra.sophos.com/.../missing
    2018-01-19 16:52:44 INFO Syncmissing.pm[18936]:48 SFOS::HBtrust::Central::Syncmissing::syncmissing - Sophos Central requested status for 0 endpoints
    2018-01-19 16:52:44 INFO Syncmeta.pm[18936]:44 SFOS::HBtrust::Central::Syncmeta::syncmeta - Requesting customer information from Sophos Central: utm-cloudstation-eu-central-1.prod.hydra.sophos.com/.../customer
    2018-01-19 16:52:44 INFO IPSET.pm[18936]:33 SFOS::HBtrust::IPSET::write_ipset_sync_file - Write IPSET synchronization file to: /tmp/hb_magic_ipset
    2018-01-19 16:52:44 INFO Syncmeta.pm[18936]:77 SFOS::HBtrust::Central::Syncmeta::syncmeta - Calling heartbeat_ipset OPCODE to set IPSET and synchronize across HA/Cluster
    2018-01-19 16:52:45 INFO hbtrust[18936]:126 main:: - LOCK_EX on /bin/hbtrust is being removed

  • Do you see any connections in the heartbeatd log if you restart the client?

    And did you check your client logs?

    C:\ProgramData\Sophos\Heartbeat\Logs

  • I'm on it... Do I have to restart the XG if I run SFOS 17.0.3 MR-3?

    The client log shows this:

    2018-01-18T13:55:54.173Z [ 5620] INFO WinMain ----------------------------------------------------------------------------------------------------
    2018-01-18T13:55:54.173Z [ 5620] INFO WinMain Starting version 4.3.60 of the Sophos Heartbeat service.
    2018-01-18T13:55:54.173Z [ 5620] INFO WinMain ----------------------------------------------------------------------------------------------------
    2018-01-18T13:55:54.238Z [ 6072] INFO ConfigMonitor::StaticThread The configuration monitor thread was started.
    2018-01-18T13:56:15.796Z [ 6148] INFO RetryCalculator::Notify Connection failed.
    2018-01-18T13:56:15.796Z [ 6148] INFO RetryCalculator::Notify Connection re-establish delay value is now 15 seconds
    2018-01-18T14:02:15.782Z [ 6148] INFO RetryCalculator::Notify Connection re-establish delay value is now 60 seconds
    2018-01-19T14:02:22.883Z [ 6148] INFO ConnectionConfiguration::Reload The configuration has changed. Reloading settings.

  • The heartbeatd.log is still showing nothing about any connection.

    I'll try this on Monday with some other clients in depth.

    I also opened a ticket.

  • Did you solve it? I have the same issue!

  • Can you try the following? Perform a dump on IP 52.5.76.173 and port 8347 on the XG.

    Refer to my tcpdump guide:

    https://community.sophos.com/products/community-chat/f/knowledge-base-article-suggestions/105811/how-to-tcpdump-on-xg

    Seems like the client cannot reach this IP. It is the "Magic IP" which XG is intercepting. So XG needs to be the default gateway, or the default gateway has to route this traffic to XG.
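
Added example (not part of the thread and not Sophos code): a small Python triage script for the client-side Heartbeat log quoted above. It counts connection failures and tracks the retry delay, the pattern the last reply attributes to the client not reaching the address the XG intercepts. The line format is inferred only from the lines posted in this thread, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: client log lines copied from the thread above.
SAMPLE = """\
2018-01-18T13:55:54.173Z [ 5620] INFO WinMain Starting version 4.3.60 of the Sophos Heartbeat service.
2018-01-18T13:55:54.238Z [ 6072] INFO ConfigMonitor::StaticThread The configuration monitor thread was started.
2018-01-18T13:56:15.796Z [ 6148] INFO RetryCalculator::Notify Connection failed.
2018-01-18T13:56:15.796Z [ 6148] INFO RetryCalculator::Notify Connection re-establish delay value is now 15 seconds
2018-01-18T14:02:15.782Z [ 6148] INFO RetryCalculator::Notify Connection re-establish delay value is now 60 seconds
2018-01-19T14:02:22.883Z [ 6148] INFO ConnectionConfiguration::Reload The configuration has changed. Reloading settings.
"""

# Format inferred from the posted lines: timestamp, [thread id], level, component, message.
LINE = re.compile(r"^(\S+Z) \[\s*(\d+)\] (\w+) (\S+) (.*)$")
DELAY = re.compile(r"re-establish delay value is now (\d+) seconds")
VERSION = re.compile(r"Starting version (\S+) of the Sophos Heartbeat service")


def summarize(text):
    """Collect the connection-related events from a Heartbeat client log."""
    out = {"version": None, "failures": [], "delays": [], "reloads": 0, "unparsed": 0}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            out["unparsed"] += bool(raw.strip())  # count non-empty lines we could not parse
            continue
        ts, _tid, _level, component, msg = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
        if VERSION.search(msg):
            out["version"] = VERSION.search(msg).group(1)
        elif msg.startswith("Connection failed"):
            out["failures"].append(when)
        elif DELAY.search(msg):
            out["delays"].append((when, int(DELAY.search(msg).group(1))))
        elif component == "ConnectionConfiguration::Reload":
            out["reloads"] += 1
    return out


def backing_off(summary):
    """True when failures were logged and the retry delay never decreased."""
    secs = [d for _, d in summary["delays"]]
    return bool(summary["failures"]) and bool(secs) and secs == sorted(secs)


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("version:", s["version"], "failures:", len(s["failures"]))
    print("retry delays (s):", [d for _, d in s["delays"]])
    print("backing off:", backing_off(s))
```

A log that shows failures with a growing retry delay while heartbeatd.log on the XG shows no connections points at the path between client and firewall, which is what the suggested dump on port 8347 checks.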
