Security audit report - "No record found"

Hi,

which version of XG software are you running?

Ian

Thanks. I see this at the top-left of the Control Center page: SFV2C4MSP (SFOS 18.5.1 MR-1-Build326) 

Hello there,

Thank you for contacting the Sophos Community.

It looks like the report is generating, I would be checking the smtpd_main.log for clues, as most likely the emails are getting rejected.

Regards,

A little confused by your reply. I am getting the emails with the PDF attachment, but there's no data in the PDF anymore.

Hello djb,

Oh sorry about that, my mind went to not receiving the reports as I had that issue after adding an additional WAN interface for testing two days ago. 

If the reports aren’t showing, try deleting the reporting and regenerating it.

If the issue persists check the following logs and commands:

console> show on-box-reports (This most likely is set to ON)
console> system diagnostics show disk (shouldn't show at more than 90%) 
#garner.log
#postgres.log

Regards,

Thanks emmosophos. I just went to recreate the Security Dashboard I had originally created. Upon trying to create a new one, I do not see "Security Dashboard" in the report group drop-down anymore. I haven't upgraded the router so I don't know how it could not be there anymore, so I chose "web server protection" instead. Is there a new name for "Security Dashboard"? In any case, I've recreated a bunch of new reports. I was just hoping "try again" wouldn't be the fix :\

====================================================

Hello there,

So to recreate the Security audit report you would need to click next to Report. 

If you click in Report, then you’ll be able to choose from different reports, but the Security audit report.

If you want to have the Report Group/Book Mark that says Security Dashboard, then you need to schedule the report directly from the Report Dashboard 

Regards,

Thanks. I see that now. Something interesting I notice while scheduling the Security Dashboard. Below the "Schedule" button it shows a bunch of charts based on data it found in the timeframe chosen. However, all of my charts say "No record found" just like they do in the attached PDFs in the emails. Only until I go back to December 9th, 2021 does something finally show up. Seems to be no records after that. Then I change the drop-down from Security dashboard to "Traffic Dashboard" and it also stopped showing data from December 9th going forward. Meaning, until data starts showing up in the reporting section again, they won't show in the PDFs either. Thoughts? 

Sophos Firmware Version SFOS 18.5.1 MR-1-Build326

console> show on-box-reports
Local Reporting : on

console> system diagnostics show disk
Partition        Utilization(%)
===============================
configuration        15%
content               5%
report               90%
console>

Hello,

It looks like your report partition is getting full and that might be causing the issue.

Take a look at the following KB for troubleshooting and how to purge the reports.

Regards,

Thanks for the link. I now see many alerts that it was filling up. 

Looks like I'm going to do a manual purge, but kind of surprised there isn't any kind of default first-in-first-out setting to delete old logs to prevent this from happening, and to keep the reporting working. I tried to figure out exactly what logs (from the below pic) are filling up the partition but it doesn't look like the reports get that granular. It would be nice if the below picture showed how much each line item is currently taking up in the reports partition. 

[EDIT] 40 minutes later after doing a "purge all", the Reports partition went from 90% to 88% -- so it seems to be verrrry slow going.

emmosophos Thanks again. I forgot to ask if you know of a better solution for managing this. Do you know how to A) make it so I don't have to do anything manual like this again, and B) set up email alerting so I am notified when this kind of thing happens?