Sophos XG 18.5.1.326 is Kernel Panicking

Hello there,

Thank you for contacting the Sophos Community.

Adding to what rfcat mentioned, please check the syslog.log csc.log applog.log and /var/cores.

Regards,

Nothing in the logs i could see that was relevant. I ended up switching back to 18.0 firmware and firewall was stable. Re-applied the 18.5.1 update and so far it's been stable. (18 hours).

Spoke too soon. Just kernel panicked again. 14 hours. Only did it on 18.5. Switched back to 18.0 again to see if its better uptime...

System: Dell Optiplex 780 SFF

CPU: Intel E8400
RAM: 4GB
HDD: SATA SSD 120GB
NIC: Intel PCI Dual Ethernet

Note the system had been completely stable since about April; the issue appears to have only started happenign since the 18.5.1 update. I switched back to 18.0.5 MR-5 build 586 and so far it's been stable again. Also I noticed the certificate error I had where my imported certs weren't being trusted even with the appropriate CA certs being loaded has now resolved itself since switching back. 

Still not seeing anything relevant in the logs. I've set up a recorder to capture the screen output next time it panicks. Its only on the screen for 1 or 2 seconds,

Update:

• Running for 4 day(s), 3 hour(s), 14 minute(s).
• No issues after failing back to 18.0.5 MR-5 Build 586

There must be an issue with the 18.5 build.

Hello there,

Thank you for the update and feedback.

Did you get the change for any core dump under /var/cores? what about the logs?

Regards,

So far I haven't risked going back to 18.5 yet as its almost certain to crash again. I will try upgrading to 18.5 again tonight and see how it goes. 

Currently I am on SFOS 18.0.6 MR-6-Build655 and it's completely stable.

I will report back tonight after upgrading as to how it's going, and if it crashes I will try and capture the core dump.

The Firewall just Kernel Panicked again. Just checked the /var/cores folder and there are no files present.

Hello there,

Thank you for the update.

So in that case you would need to capture the console logging

Using PuTTY, go to 'Session' - 'Logging.'

Here, select "All session output', and set the file name to a folder and name for later retrieval.

Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.

Start the session, and log in to ensure it’s all proper.

Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.

Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

Have you open a case already for this, if not please open one and share the Case ID with me.

Regards,

Hello there,

Thank you for the update.

So in that case you would need to capture the console logging

Using PuTTY, go to 'Session' - 'Logging.'

Here, select "All session output', and set the file name to a folder and name for later retrieval.

Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.

Start the session, and log in to ensure it’s all proper.

Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.

Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

Have you open a case already for this, if not please open one and share the Case ID with me.

Regards,