Turn off confd debugging mode in sophos UTM 9

Hi Jesse and welcome to the UTM Community!

I've never heard of a way to disable the compilation of the confd-debug log.  If this is a paid license, you will want to et a case open with Sophos Support to see what's causing so many entries into that log.

Cheers - Bob

Hi Bob,

Thanks for the reply,

I checked with Sophos paid support, they said disabling it may not be possible but rather suggested adjusting the retention period to 30 or 90 days. But for us, 1 year retention period is a must, to which they suggested to manually deleting older confd-debug logs.

Regards,

Jesse. 

If you've selected "Delete logs after a year" for 'Automatic Log File Deletion', Jesse, then you're correctly configured.  Maybe something else is filling the disk that makes confd-debug a problem.  What does df -h tell you?

Cheers - Bob

output of df -h. Within /var/log dir out of the 54gb used, 39gb is config-debug logs.

output of df -h. Within /var/log dir out of the 54gb used, 39gb is config-debug logs.

Interesting.  If you're not getting notifications that the logging partition is filling up, this shouldn't be a problem.  Nonetheless, it's unusual - I wonder what might be causing this.  What do you see with the following at the command line?

     grep -oP 'client=".*?"' /var/log/confd-debug.log|sort -n|uniq -c|sort -n|tail -10

Cheers - Bob

Hi Bob,

It seems we have found the issue, so the firewall has been storing thousands of IPs within DNS definitions, this are from the domain names attached with AWS elastic IPs, which are dynamic in nature and changes all the time. Once we've cleaned it up, the issue has been pretty much resolved.

Thanks for the help.

Regards,

Jesse.