Thread Info
  • State Suggested Answer
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 19 subscribers
  • Views 346 views
  • Users 0 members are here
Options
Suggested

Log Viewer not Updating

BlackSheepOne

Hello,

I am running XG FW firmware version 19.0.0.

Log Viewer is no longer showing current entries for all categories.

The last entry logged was on 1/26/22.

I've checked log settings and disk space and everything looks correct.

I also have several firewall rules checked to 'log firewall traffic' however no traffic is being logged.

Any ideas where else I could look or how to resolve?



Added TAGs
[edited by: emmosophos at 5:01 PM (GMT -7) on 13 Jun 2022]
Parents
  • 0

    Hello there,

    Thank you for contacting the Sophos Community.

    Adding to rfcat suggestion, check if the garner and reportdb services are running: (You need to SSH in to the XG and press 5>3 to land in  the advanced shell)

    # service -S | grep garner
    # service -S | grep report
    # csc custom status (you should look for Busy Workers) 

    If you notice either the garner or report services stopped or not running, try starting or restanting it

    # service garner:restart -ds nosync

    # service reportdb

    Check for any error in the:

    • garner.log 
    • reportdb.log
    • postgres.log

    Regards,

     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    I've restarted and when I checked services of garner and reportdb, both were running.

    I did find the following in the garner, reportdb and postgres log files.  It appears to be some sort of corruption?  Do either of you know what the tail of these logs are pointing to?  The postgres log hasn't been updated since May:

    tail garner.log
    SFEVENTSFTS: Jun 13 19:29:08Z:execute_sqlite_prepared_stmt: stmt execution failed: database disk image is malformed
    SFEVENTSFTS: Jun 13 19:29:08Z:execute_sqlite_prepared_stmt: stmt execution failed: cannot commit - no transaction is active
    SFEVENTSFTS: Jun 13 19:29:08Z:end_transaction: Transaction Couldn't COMMIT;
    SFEVENTSFTS: Jun 13 19:29:08Z:sqllite_db_fini: Transaction End Failed
    SFEVENTSFTS: Jun 13 19:29:08Z:end_transaction: Transaction Couldn't COMMIT;
    SFEVENTSFTS: Jun 13 19:29:08Z:reset_transaction: end Transaction Failed
    SFEVENTSFTS: Jun 13 19:29:08Z:sqlite_db_insert_data: reset transaction failed for table 'tbllog'
    SFEVENTSFTS: Jun 13 19:29:08Z:sfeventsfts_insert_data: insert failed with SQLITE_GENERAL_ERROR
    SFEVENTSFTS: Jun 13 19:29:08Z:sfeventsfts_insert_data failed

    tail reportdb.log
    10459 2022-06-13 19:28:13.395 GMTLOG:  unexpected EOF on client connection with an open transaction
    21784 2022-06-13 19:28:13.395 GMTLOG:  unexpected EOF on client connection with an open transaction
    20225 2022-06-13 19:28:13.396 GMTLOG:  unexpected EOF on client connection with an open transaction
    21770 2022-06-13 19:28:13.397 GMTLOG:  unexpected EOF on client connection with an open transaction
    21768 2022-06-13 19:28:13.398 GMTLOG:  unexpected EOF on client connection with an open transaction
    22666 2022-06-13 19:28:13.398 GMTLOG:  could not receive data from client: Connection reset by peer

    tail postgres.log
    5347 2022-05-28 03:52:48.130 GMTLOG:  shutting down
    5347 2022-05-28 03:52:48.838 GMTLOG:  database system is shut down
    5357 2022-05-28 03:55:32.593 GMTLOG:  database system was shut down at 2022-05-28 03:55:16 GMT
    5353 2022-05-28 03:55:32.914 GMTLOG:  database system is ready to accept connections
    5361 2022-05-28 03:55:32.915 GMTLOG:  autovacuum launcher started
    5438 2022-05-28 03:56:56.021 GMTERROR:  null value in column "value" violates not-null constraint
    5438 2022-05-28 03:56:56.021 GMTDETAIL:  Failing row contains (config cpulist, null, ips, ips.conf).
    5438 2022-05-28 03:56:56.021 GMTSTATEMENT:  with upsert as (UPDATE tblconfiguration set value=(SELECT servicevalue from tblclientservices where servicekey = 'ips_cpulist') where module = 'ips' and key='config cpulist' returning *) INSERT into tblconfiguration (key,value,module,filename) SELECT 'config cpulist', servicevalue, 'ips', 'ips.conf' from tblclientservices where servicekey = 'ips_cpulist' and (SELECT count(*) from tblconfiguration where module = 'ips' and key='config cpulist') = 0
    5438 2022-05-28 03:56:56.157 GMTERROR:  current transaction is aborted, commands ignored until end of transaction block
    5438 2022-05-28 03:56:56.157 GMTSTATEMENT:  SELECT txid_current()

  • 0 in reply to BlackSheepOne

    Hello,

    I am looking for some help on this one.

    Anyone know what the logs from my last post are indicating?

    I haven't received any Log Viewer data for some time now.

    Thanks

  • 0 in reply to BlackSheepOne

    A quick look at the logs information would imply a faulty disk and maybe the time on the XG is not updating correctly.

    ian

    XG115W - v19 GA - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to BlackSheepOne

    Hello there,

    The logs indicated that your DB is corrupted, which is the cause for which your Log Viewer is not updating.

    Do you see any core dump under ls -la /var/cores/

    You could take a backup of your current configuration and re-image your device, if the issue re-appears most likely your HDD might have started to fail in which case you might need to RMA the device if it is still under warranty. 

    Regards,

     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply Children
Unfiltered HTML