
Traffic flow troubleshooting - log file investigation

Haven't installed or used too many Sophos devices, but I have some out there.

Recently had a client report that all software updates have been failing since their Sophos SG115 (UTM9) was installed.

Months ago - nobody thought to let me know.

This unit has a bunch of security things installed: Web Filter, IPS, etc., etc.

Been looking through the support site, and I don't see anything that attempts to instruct on using the log files to determine what security module is causing this. How would a guy interpret them? There are a bunch of logs - which to use? How to read them? If I have to go through every individual log file, is there an ideal order to inspect them in?

When I'm really frustrated, I think this product, as functional and diverse as it is, is not really well-designed. What good is it that all these modules and features are there if there's no way to manage or troubleshoot it?

Starting to realize, however, that it may not be so much an issue of poor design as it is poor documentation.

Has anyone seen an article that walks someone through the process of searching for what might be blocking a particular type of traffic?


Thanks



  • Hi Rob and welcome to the UTM Community!

    Actually, there's a ton of stuff documented, and, like any product that's new to us, it takes a while to figure out where to look for what. We all agree that the depth of documentation doesn't rival Cisco's.

    Please be more specific when you ask for input from others here. What exact version - 9.506? Which software updates for what equipment? Are these software updates supposed to be automatic or ???

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Of course you're right - I didn't give much detail. For a non-specific question, more about finding useful documentation than troubleshooting a specific problem, I figured it wasn't as necessary...

    The device is a SG115 UTM. FW is currently at 9.510-5

    The software updates were just, well, updates: Microsoft Office, for example. The special software packages they use for their equipment (they do hearing testing, and fit clients for hearing aids).

    All of the updates fail - depending on the way the software was designed, it either just kept trying forever with no updating being done, or it gave some "updates failed" message.

    When the first SG115 failed (just received the RMA replacement), I swapped in some cheap but functional small business router, and when I had it in place, updates started working normally again.

    To be honest, I hadn't intended for this posting to be an appeal to help with my specific issue. I was kind of hoping maybe someone might direct me to a doc or two on becoming familiar with the log file organization, and general tips on where or how to look when I wanted to troubleshoot a specific issue.

    I'll keep watching here for more guidance, check out the wiki, look for other articles. I haven't yet found anything that attempts to familiarize one with the complex log files - at least an overview that a person can use to get started.

    And yes, there is a support agreement on the device - I can contact Sophos for assistance, but even the best tech support can be inconvenient at times. I opened a ticket last week, waited for 12 hours for them to email me back and suggest I call in. 12 hours for that? They could have had a bot do that in minutes!

    Lesson learned - no more opening a case by email!


    Thanks for your answers - your assistance is appreciated.

  • My Rulz thread is one of the links found on my Linkz thread. I haven't maintained the Linkz thread in a while, but Log names and service locations will interest you. You will also want to Google:

    site:community.sophos.com/kb UTM log file

    The best way to open a Support ticket for a UTM is https://myutm.sophos.com/.

    I agree with Doug that you probably need to be looking in the Web Filtering log file to solve the updating problem. My guess is that you have Web Filtering in Transparent mode and that you are scanning HTTPS.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
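One way to work through the Web Filtering log Bob points to, as an added example that is not code from the thread or from Sophos: it parses the space-separated key="value" layout of the UTM httpproxy log, tallies every request the filter did not pass by host and reason, and lists what one client was refused so it can be matched against the failing updater. The sample lines are constructed, and the field names (sys, action, srcip, url, categoryname) are assumed to follow the UTM httpproxy layout.

```python
import re
from collections import Counter

# Constructed sample entries in the space-separated key="value" layout of the UTM
# Web Filtering (httpproxy) log; illustrative only, not copied from a real device.
SAMPLE_LOG = """\
2018:03:01-09:12:01 utm httpproxy[4123]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.25" dstip="203.0.113.10" statuscode="403" url="http://download.example-updates.test/office/patch.cab" categoryname="Software Updates"
2018:03:01-09:12:03 utm httpproxy[4123]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.25" dstip="198.51.100.7" statuscode="200" url="http://www.example.test/" categoryname="Business"
2018:03:01-09:14:20 utm httpproxy[4123]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.40" dstip="203.0.113.10" statuscode="403" url="https://download.example-updates.test/catalog.xml" categoryname="Software Updates"
2018:03:01-09:15:02 utm httpproxy[4123]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.25" dstip="203.0.113.55" statuscode="403" url="http://cdn.example-updates.test/setup.msi" categoryname="Uncategorized"
"""

PAIR_RE = re.compile(r'(\w+)="([^"]*)"')
HOST_RE = re.compile(r'^[a-z]+://([^/:?]+)', re.IGNORECASE)

def parse_line(line):
    """Turn one UTM log line into a dict of its key="value" fields plus the timestamp."""
    fields = dict(PAIR_RE.findall(line))
    if fields:
        fields["timestamp"] = line.split(" ", 1)[0]
    return fields or None

def host_of(url):
    """Host part of a URL, or the raw value if it does not look like a URL."""
    m = HOST_RE.match(url)
    return m.group(1) if m else url

def blocked_summary(log_text):
    """Count Web Filter entries whose action is not "pass", keyed by (host, action, reason).
    Reason is categoryname when present, else the event name, so a category block
    and a scanning/error block remain distinguishable."""
    counts = Counter()
    for raw in log_text.splitlines():
        f = parse_line(raw)
        if not f or f.get("sys") != "SecureWeb" or f.get("action") == "pass":
            continue
        reason = f.get("categoryname") or f.get("name") or "unknown"
        counts[(host_of(f.get("url", "")), f.get("action", "?"), reason)] += 1
    return counts

def blocked_urls_for_client(log_text, srcip):
    """URLs one client was refused, in log order, to match against the failing updater."""
    return [f.get("url", "") for f in map(parse_line, log_text.splitlines())
            if f and f.get("srcip") == srcip and f.get("action") not in (None, "pass")]

if __name__ == "__main__":
    for (host, action, reason), n in blocked_summary(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {action:6s} {host:35s} {reason}")
```

Feed it the real log exported from the UTM and the hosts that top the summary are the ones to check against the Web Filter profile and the HTTPS scanning exceptions.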