

Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"

Sophos XG firewall offers on-device reporting and logs, which is a good feature for all SMBs. There is another module, "Sophos iView", available for logs and reporting, but it is good for some critical organizations or big data centers that need a lot of logs, reports, and backups of all those.

Recently, I faced an issue where no logs are shown in the GUI "Log Viewer", but you will see all logs through the command line, or some new logs on the auxiliary device but not on the primary device (new logs not updating). This issue is reported on virtual and hardware firewalls as well. Today I am going to share how to handle this issue without booking a ticket with the NOC team.

 

Issue Reported:

Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:

Please read a full blog post at:

http://www.routexp.com/2019/04/sophos-xg-firewall-175-logs-are-not.html



  • We're experiencing the same issue on our XG330 (SFOS 17.5.5 MR-5).

     

    No new logs appear in the GUI Log Viewer.

    Also, seeing a garner error in the fwlog.log and pktcapd.log, and probably others:

    tail -f /var/tslog/fwlog.log

    garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable

     

    Our disk utilization is low and we haven't hit our watermark threshold:

     

    console> system diagnostics show disk
    Partition        Utilization(%)
    ===============================
    configuration        19%
    content               2%
    report               18%

     

    console> show report-disk-usage watermark
    Lower watermark percentage for report partition is 80%

     

    The only way to temporarily resolve is by restarting the garner service:

    service garner:restart -ds nosync

    This is the 2nd occurrence since we put the Sophos XG into production this week.
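The checks in the reply above can be run offline against collected console output. The following is an added example, not code from the thread or from Sophos. It assumes that the disk check was made to rule out a full report partition, and the function names, result labels and sample input are hypothetical or constructed; only the garner error string and the console output layout come from the reply.

```python
import re

# Error string quoted in the reply; everything after it on the line is ignored.
GARNER_ERR = "garner: connect(/tmp/garner.sock) failed"

# Constructed sample input, modelled on the console output quoted in the reply.
DISK_OUTPUT = """\
Partition        Utilization(%)
===============================
configuration        19%
content               2%
report               18%
"""
WATERMARK_OUTPUT = "Lower watermark percentage for report partition is 80%"
# Constructed log excerpt: only the garner line is taken from the thread.
LOG_LINES = [
    "constructed: unrelated log line",
    "garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable",
    "garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable",
]

def parse_disk(text):
    """Return {partition: utilization %} from 'system diagnostics show disk'."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^\s*(\S+)\s+(\d+)%\s*$", text, re.M)}

def parse_watermark(text):
    """Return the report-partition lower watermark as an int, or None."""
    m = re.search(r"watermark percentage for report partition is (\d+)%", text)
    return int(m.group(1)) if m else None

def triage(disk_text, watermark_text, log_lines):
    """Classify a stalled Log Viewer; returns (label, garner failure count)."""
    report = parse_disk(disk_text).get("report")
    mark = parse_watermark(watermark_text)
    failures = sum(GARNER_ERR in line for line in log_lines)
    if report is None or mark is None:
        return "incomplete-data", failures
    if report >= mark:  # assumption: a full report partition is a separate cause
        return "report-partition-at-watermark", failures
    if failures:
        return "garner-socket-unavailable", failures
    return "no-finding", failures

if __name__ == "__main__":
    print(triage(DISK_OUTPUT, WATERMARK_OUTPUT, LOG_LINES))
```

A stalled Log Viewer is a monitoring gap, so a result of `garner-socket-unavailable` is worth alerting on rather than waiting for someone to notice missing entries.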
