This article describes the steps to resolve the issue when the executive report generated by iView do not match the individual executive report generated locally on the XG. The following sections are covered:
Applies to the following Sophos products and versions Sophos FirewallSophos iView
Log entries number in the executive report generated by iView for an HA Active Active pair compared to the sum of individual executive report generated locally by each HA node do not match.
Generate an executive report for the HA Active Active pair on iView for one day.
Generate an executive report locally on each node of the HA for the same day.
Compare the values for a specific app. i.e: Summary > Applications & Web > User Applications > High Risk Applications > Tor Proxy
Executive report from node1 shows x hits / xx bytes
Executive report from node2 shows y hits / yy bytes
We would assume that the executive report from iView will show the total form both nodes: x+y hits / xx+yy bytes which is not happening in most cases.
Garner starts dropping logs when it reached the threshold either on the XG or on the iView, you will see the following log on the XG or iView when garner reaches the threshold and starts dropping new logs:
sethreshold: DROPPING SE
To remediate the issue, Sophos recommends the following:
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.