We'd love to hear about it! Click here to go to the product suggestion community
Sophos XG firewall is offering on Device Reporting and logs, which is a good feature for all SMBs. There is another module "Sophos iView" available for logs and reporting but it is good for some critical organization or big data Center who need a lot of logs, reports, and backup of all those.
Recently, I faced an issue as there is no log showing on the GUI "Log Viewer" but you will see all logs through the command line or some new logs on the auxiliary device but not on the primary devices (new logs not updating). This issue is reported on a virtual and hardware firewall as well. Today I am going to share how to handle this issue without book a ticket with the NOC team.
Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall.
Please read a full blog post at:
In reply to Deepak Verma:
XG version 17.5.4-1 mr-4.1
I will try to collect data next time the reports go missing.
The reports are enabled and have been since v15. The reports folder shows 10% usage.
In reply to rfcat_vk:
Broke again overnight. About to start some diagnostics.
those KBAs did not help.
The local reporting : on
The ReportDB is running.
Reports is running at 11%
I will purge the reports and restart the XG.
currently running mr-5. I purged the reports before upgrading and the reports partition is still showing over 10% usage.
We're experiencing the same issue on ourXG330 (SFOS 17.5.5 MR-5).
No new logs appear in the GUI Log Viewer.
Also, seeing a garner error in the fwlog.log and pktcapd.log, and probably others:
tail -f /var/tslog/fwlog.log
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
Our disk utilization is low and we haven't hit our watermark threshold:
console> system diagnostics show diskPartition Utilization(%)===============================configuration 19%content 2%report 18%
console> show report-disk-usage watermarkLower watermark percentage for report partition is 80%
The only way to temporarily resolve is by restarting the garner service:
service garner:restart -ds nosync
This is the 2nd occurrence since we put the Sophos XG into production this week.
In reply to Derek Preston:
I had the same issue again this morning at approx 0130 local time. Very frustrating. A fix is promised in MR-6 which should be out very soon, before end of May?
Could be a Bug.
Just facing this issue today, thank, it saves me a lot of time.
after executing the command line: service garner:restart -ds nosync log viewer updated new data.
I'm using XG310 (SFOS 17.5.5 MR-5) , hope Sophos soon release the new firmware to get it fixed.
In reply to Hung Ho:
I've been working with a Sophos global escalation specialist (GES) in regards to this matter. They stated:
"Development is working on this , the work-around which we can use is "alert notifications"(Administration->Notifications settings->Alert notifications) be disabled and restart the garner."
Hi Derek Preston,
ok, I'll try to disable Alert notifications then restart the garner.
Thank for the notes.
Thanks for the update.
Ok. But you have an idea what "service garner:restart -ds nosync" really does ? I mean, beyond the title ?
I'm always scratching my head when Sophos' development is "on something". What kind of codes Sophos' developers are facing ? We already know XG is mostly a collection of open-source codes. Nothing that unknown. Here, we are taking about a "reporting" bug. Corecting this is not something that's supposed to change the behavior of XG. It does not input anything back into XG's database. And yet, this post is two month old. That bug is known since even further. And no fix on the radar yet. For god's sake, why each and everything takes an eternity to fix at Sophos ?
In reply to Big_Buck:
It still happens with MR6, @10:13 i did service garner:restart -ds nosync
In reply to PRC_N:
Still broken. Broke again last night.