Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 0 subscribers
  • Views 26067 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise console not updating

DrCheese

Hi Guys,

Since rebooting the server that hosts Sophos last night, the enterprise console appears to have stopped updating. It's showing computers disconnected that I know are on and active, it's not reporting new Device control events or virus events (ran the eicar test virus on a few machines)

Nor can I force the update manager to run an update. It just seems totally frozen :s I've rebooted again since and it stays the same.

Looking at the network communication report shows no problems so I'm a bit lost as to what's going on. Is there any logs I can look at that might help?

I'm running 4.5

:8545


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I assume that all the Sophos services on the management server came up on restart?  The main ones of interest for the problem as you describe here being the "Sophos Management Service" and "Sophos Message Router".  Are these OK?
    Restart without problems?

    To trace what's happening in the logs.  I would start with the router logs. I.e. "\ProgramData\Sophos\Remote Management System\3\Router\Logs\Router-[Timestamp].log"

    You should see lines such as:

    I Routing to EM: id=0148571F, origin=Router$[ClientName].Agent, dest=EM, type=EM-GetStatus-Reply

    This is an incoming status message from an endpoint.

    Messages such as this will be stored by the router in:
    "\ProgramData\Sophos\Remote Management System\3\Router\Envelopes\" as .msg files until they are sent to their intended destination.

    In the case of the Sophos Message Router handing off messages to the Sophos Management Service for processing into the database, following the above line in the Router logs you should see the assocaited line:

    01.02.2011 18:55:27 0B54 I Sent message (id=0148571F) to EM


    Here we can see that the status message (0148571F) was "Sent" to the management service, so the Router has performed its function.  The next place to look in the logging would be:

    "\ProgramData\Sophos\Sophos Endpoint Management\4.5\log\sophos-management-services.log"

    You should see lines like:

    "Received status from Router$[ClientName]"

    The other log of interest is:

    "\ProgramData\Sophos\Sophos Endpoint Management\4.5\log\Msgn-[timestamp].log

    Which is the logging of the messaging component in the management service.  

    It's really tracing the messages up to see how far they are getting.  

    Also of interest is ensuring that the management service is logging on to the router in the first place.  In the router log you should see the line:

    "I Logged on EM as a client"

    Where "EM" is the internal name for the Sophos Management service with out this happening the management service will not be able to send or receive messages.  Other "Clients" that log on to the router are the Certification Manager and Management Agent, the act of those logging on to the router show up as:

    "I Logged on CM as a client"
    "I Logged on Agent as a client"

    Regards,

    Jak

    :8647
Reply
  • 0

    Hi,

    I assume that all the Sophos services on the management server came up on restart?  The main ones of interest for the problem as you describe here being the "Sophos Management Service" and "Sophos Message Router".  Are these OK?
    Restart without problems?

    To trace what's happening in the logs.  I would start with the router logs. I.e. "\ProgramData\Sophos\Remote Management System\3\Router\Logs\Router-[Timestamp].log"

    You should see lines such as:

    I Routing to EM: id=0148571F, origin=Router$[ClientName].Agent, dest=EM, type=EM-GetStatus-Reply

    This is an incoming status message from an endpoint.

    Messages such as this will be stored by the router in:
    "\ProgramData\Sophos\Remote Management System\3\Router\Envelopes\" as .msg files until they are sent to their intended destination.

    In the case of the Sophos Message Router handing off messages to the Sophos Management Service for processing into the database, following the above line in the Router logs you should see the assocaited line:

    01.02.2011 18:55:27 0B54 I Sent message (id=0148571F) to EM


    Here we can see that the status message (0148571F) was "Sent" to the management service, so the Router has performed its function.  The next place to look in the logging would be:

    "\ProgramData\Sophos\Sophos Endpoint Management\4.5\log\sophos-management-services.log"

    You should see lines like:

    "Received status from Router$[ClientName]"

    The other log of interest is:

    "\ProgramData\Sophos\Sophos Endpoint Management\4.5\log\Msgn-[timestamp].log

    Which is the logging of the messaging component in the management service.  

    It's really tracing the messages up to see how far they are getting.  

    Also of interest is ensuring that the management service is logging on to the router in the first place.  In the router log you should see the line:

    "I Logged on EM as a client"

    Where "EM" is the internal name for the Sophos Management service with out this happening the management service will not be able to send or receive messages.  Other "Clients" that log on to the router are the Certification Manager and Management Agent, the act of those logging on to the router show up as:

    "I Logged on CM as a client"
    "I Logged on Agent as a client"

    Regards,

    Jak

    :8647
Children
No Data
Unfiltered HTML