SspEdrProcess.log only errors: feedassembler.cpp: 156 Cannot convert unrecognised threat type to string

Hi,

while looking for logs for malfunction of FujitsuDeskupdate because of Sophos Intercept X Client, I found a log called SspEdrProcess.log which does only contain errors and a new log entry is created every few seconds all day long. What is the use of it and what is the problem here?

C:\ProgramData\Sophos\Endpoint Defense\Logs\SspEdrProcess_09.log

[W 2020-09-22T12:47:46.324Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:47:46.328Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:47:46.332Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:47:46.335Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:47:46.339Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:52:36.189Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:52:36.198Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:52:36.208Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:52:36.227Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:52:36.236Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string
[W 2020-09-22T12:52:36.245Z:T000029f4:...feedassembler.cpp: 156] Failed to process journal event: Cannot convert unrecognised threat type to string

Btw. the cause for Deskupdate malfunction could not be found in any logs, it just did'nt work until adding global exceptions for the exe and Fujitsu download URLs in Central.

Hi LHerzog_Central

Could you please provide mopre details of what is happening when you access Deskupdate? Do you see anything under Event logs? 

Hello,

I find absolutely nothing in the logs and thats why I went looking in the local text logs.

I do not expect the logs shown above to be in relation to Fujitsu DeskUpdate but want to let you know that there may be an other issue with a component and that such a logfile is useless when it only contains the same error repeated thousands of times.

I expected something more interesting in  those probably EDR related logs.

that log records actions and outcomes for uploading data into Sophos Central for EDR - it doesn't contain information on what the scanner is doing or detecting - directly.

If you want to see what the scanner is doing you need to read the C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log - in default logging level it will just record detections and engine information. However, you can increase the logging level to debug for more granular information - if you need that you can contact support for the instructions. 

https://support.sophos.com/support/s/article/KB-000038787?language=en_US&c__displayLanguage=en_US