
[9.312008] APTP working, but archived logs empty

Hi,

I have several ATP events on the dashboard, but the archived logs in /var/log/aptp/2015/07/ are all empty (40 byte empty gz files).

The logs for 06 (June) are intact.

Visiting one of the IPs reported in the dashboard DOES cause the current aptp.log to be updated with new events, so APTP is currently running.

How can I find out why the logs aren't getting stored?

Note other logs such as packetfilter are getting rotated/archived correctly, and the system is not low on disk space or RAM (4GB).

Thanks,
Barry


  • I don't think it will make a difference, Barry, but how about trying the 9.313 Up2Date?  If you use a syslog server, are the logs sent to it?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I don't use a syslog server (at home).

    Yesterday's events did make it into the log archive.

    So... either
    a. the dashboard is lying about ATP events "since 7/4"
    or
    b. the log for the events was lost

    I'm not sure which is the case.

    Barry
  • Barry, I just remembered that some ATP blocks are recorded in other log files.  Have you checked in the related logs?

    Cheers - Bob
     
  • Hi, I searched all the logs for 'Generic' as the alert was for "C2/Generic-A"; nothing came up other than the latest APTP log.

    Thanks,
    Barry
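
Added example, not part of the original thread and not Sophos tooling: a Python script that, pointed at a copy of the log directory, separates archives that are valid gzip but hold no log data (like the 40-byte files described above) from archives that fail to decompress, and searches every plain or gzipped log for an alert string such as "C2/Generic-A". The function names, file names and sample log lines are constructed for illustration.

```python
import gzip
import os
import tempfile
import zlib


def scan_logs(root, needle):
    """Walk root and return (empty, corrupt, hits).

    empty:   .gz files that are valid gzip but contain no log lines
    corrupt: files that could not be read or decompressed
    hits:    (path, line_no) for every line containing needle
    """
    empty, corrupt, hits = [], [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            is_gz = name.endswith(".gz")
            opener = gzip.open if is_gz else open  # live log is plain text
            lines = 0
            try:
                with opener(path, "rt", errors="replace") as fh:
                    for lines, line in enumerate(fh, 1):
                        if needle in line:
                            hits.append((path, lines))
            except (OSError, EOFError, zlib.error):
                corrupt.append(path)  # hits read before the error are kept
                continue
            if is_gz and lines == 0:
                empty.append(path)
    return sorted(empty), sorted(corrupt), sorted(hits)


def build_sample_tree():
    """Constructed sample tree; file names and log lines are made up."""
    root = tempfile.mkdtemp()
    for sub in ("2015/06", "2015/07"):
        os.makedirs(os.path.join(root, sub))
    with gzip.open(os.path.join(root, "2015/06/intact.log.gz"), "wt") as fh:
        fh.write("constructed: ok\nconstructed: threat C2/Generic-A\n")
    gzip.open(os.path.join(root, "2015/07/empty.log.gz"), "wb").close()
    with open(os.path.join(root, "2015/07/damaged.log.gz"), "wb") as fh:
        fh.write(b"not gzip data")
    with open(os.path.join(root, "aptp.log"), "w") as fh:
        fh.write("constructed: threat C2/Generic-A\n")
    return root


if __name__ == "__main__":
    print(scan_logs(build_sample_tree(), "C2/Generic-A"))
```

An archive reported as empty was written as a well-formed gzip with nothing in it, which points at the rotation step rather than at damage to the file afterwards.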