Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
I cant seem to get reporting working again after reinstall. I followed the community.sophos.com/.../123209 guide and everything except "Log Type - Local" checks out as it gets automatically unchecked after save. I dont event see Reports > Compliance > Events > System Events
looking at the garner.log I spotted the following - do I need to do a reinstall?
Feb 19 11:37:58: OPPOSTGRES: process_pgsql_query: query 'CREATE TABLE available_fwapplicationv7_1550569078 (time bigint,application varchar(384),username varchar(384),destipv6 inet,hostipv6 inet,ruleid bigint,hits bigint DEFAULT 1,upload bigint DEFAULT 1,download bigint DEFAULT 1,bytes bigint DEFAULT 1,hostcountry varchar(4),destcountry varchar(4),risk smallint,technology varchar(32),category varchar(64),eduusergroup character varying(384) default '', srczonename character varying(360) default '', srczonetype character varying(60) default '', destzonename character varying(360) default '', destzonetype character varying(60) default '', appresolver integer,app_id bigint,classification bigint, is_cloud_application bigint, app_parent bigint,in_interface character varying(16) default '',parent_cat_id bigint default 0) ;' execution failed: ERROR: could not read block 279 in file "base/16386/11879": read only 0 of 8192 bytes
Feb 19 11:37:58: OPPOSTGRES: get_next_available_table: new table couldn't createdFeb 19 11:37:58: OPPOSTGRES: do_datainsert: couldn't select table 'fwapplicationv7'Feb 19 11:37:58: OPPOSTGRES: oppostgres_output: log event couldn't inserted
In reply to Ashruf Rodrigues:
OK, I ran a Flush Device Reports and rebooted - I now get some reports but the garner.log has these FORCED CONNECTION RESET messages.
What do they mean and how can I fix it?
Feb 19 12:40:01: OPPOSTGRES: FORCED CONNECTION RESET for TABLE: 'denied_web_content_categorization_datav8' FD: 21Feb 19 12:40:01: OPPOSTGRES: release_postgres_client: Database disconnected FD: 21Feb 19 12:40:01: OPPOSTGRES: move_table_to_usedqueue: moving table 'available_fwapplicationv7_1550571604' FD: 17Feb 19 12:40:01: OPPOSTGRES: move_table_to_usedqueue: table 'available_fwapplicationv7_1550571604' is moved to 'tbl_used_fwapplicationv7' queueFeb 19 12:40:01: OPPOSTGRES: FORCED CONNECTION RESET for TABLE: 'fwapplicationv7' FD: 17Feb 19 12:40:01: OPPOSTGRES: release_postgres_client: Database disconnected FD: 17
It does seem the connection between the database is broken .Could you conduct the folowing steps and try again?
Setup Serial Console Connection using PuTTy
How to backup and restore a configuration
In reply to Aditya Patel:
I have run through your suggestion but still get the FORCED CONNECTION RESET messages in the garner.log
Feb 19 18:20:01: OPPOSTGRES: move_table_to_usedqueue: table 'available_event_datav6_1550585701' is moved to 'tbl_used_event_datav6' queue Feb 19 18:20:01: OPPOSTGRES: FORCED CONNECTION RESET for TABLE: 'event_datav6' FD: 15 Feb 19 18:20:01: OPPOSTGRES: release_postgres_client: Database disconnected FD: 15 ERROR Feb 19 18:22:11 : handle_accept: write() failed during handshake: Broken pipe MESSAGE Feb 19 18:22:26 : height_of_tree : 13 MESSAGE Feb 19 18:22:26 : no_of_nodes: 7176 MESSAGE Feb 19 18:22:26 : size of tree 143520