Sophos XG firewall offers on-device reporting and logs, which is a good feature for all SMBs. There is another module, "Sophos iView", available for logs and reporting, but it is good for critical organizations or big data centers that need a lot of logs, reports, and backups of all of those.
Recently, I faced an issue where no logs are showing in the GUI "Log Viewer", but you will see all logs through the command line, or some new logs on the auxiliary device but not on the primary devices (new logs not updating). This issue is reported on virtual and hardware firewalls as well. Today I am going to share how to handle this issue without booking a ticket with the NOC team.
Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall.
Please read a full blog post at:
Thank you, even though my report disk was only 10% my reports had stopped from early on the 14th.
Restarted garner and reports are being generated again.
In reply to rfcat_vk:
The fix appears to have fixed everything except mail. While today's mail shows in logviewer, none of yesterday's mail does even after the garner restart. The Reports -> mail in the GUI is empty for today 16th April.
Update:- 1100 16/4 a miracle has happened, I now have mail reports.
Something went very badly wrong. Today's report was missing details about user activity.
I have restarted the XG to see if that fixes the issue tomorrow morning.
I am happy that this solution worked for you!
In reply to Deepak Verma:
After some days, logs stopped again; after using the command service garner:restart -ds nosync it fills up again.
It happened after 17.5 MR4; now using MR4-1; but still stopping after a few days.
In reply to PRC_N:
Do your daily reports show your user activity? Also, after a restart to get user activity reported, I am seeing data from the previous day, e.g. the device was not on the network yesterday.
Please book a ticket with the TAC team. I am investigating the issue on my firewall.
[#8781763] Web support ticket.
Garner is the "center daemon" for logging. So if this daemon dies, your logging stops.
Maybe for your information.
In reply to LuCar Toni:
The question is why after the upgrade has it stopped? Why does it take a restart to get all the reports working again, e.g. user activity?
Until the upgrade I had not experienced any issues with the garner process.
Hi, we have a similar issue. Our logs stopped working too. We also saw issues with CPU usage where a reboot clears it but after about 2 days CPU usage jumps by an extra 30%+ after a few days. I have been told that our CPU usage is normal even though before the update it was nowhere near that high and Sophos have connected in and seen the Garner daemon at 99% on 1 core. No matter how much I try to tell them something is wrong they are just more interested in closing the case.
In reply to Pwc:
I would find that response a little strange, since MR-4 my memory usage has dropped from 55% to 47% consistently and CPU is about the same 3-12%.
Sounds like you might have a corrupt reporting database?
Hi memory usage has been fine. They have already been in and fixed the DB errors and say there are no more issues. When I get chance I am going to check if the garner service is back at 99% usage again.
Broken again sometime yesterday. I have a small amount of data from yesterday and nothing in the GUI this morning.
I am going to restart the XG to see if that quickly fixes the issue.
Update:- restart fixed the reporting and logging issues. Why was a restart required?
What is the firmware version, and did you try with Flush complete Reporting? If you face any issue next time, then please collect some command output, such as:
system diagnostics show subsystem-info
Below articles will help you: