
IPS Debugging Sophos XG19

Is there a Best Practice/Guide/HowTo document that describes how to go about investigating IPS problems? I seem to go round this every time I have an IPS issue, but somehow never find what help I am looking for - which may be my own shortcomings in searching.

The notifications don't tell you much, and the documentation doesn't seem to say much about the individual rules.

Regards,

   Paul McGinnie



  • Hello,

    Thank you for reaching out to the community. You can check the logging with the help of the CLI: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html

    To enable/disable the *IPS logs:  service ips:debug -ds nosync
    To check the live logs: tail -f /log/ips.log

    *NOTE - Ensure the "Log firewall traffic." is enabled under the firewall rule. 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hi - I have copied the ips.log file from the firewall, and edited it down to today's entries and anonymised some internal IP addresses - file attached below. I don't see anything illuminating though - can I change the data logged to be more effective?

    2022-06-29T00:15:01.366612Z [ 3940] signo_handler: got signal 2
    2022-06-29T00:15:01.366665Z [ 3940] setVariable: set signal 62
    2022-06-29T00:15:01.366682Z [32665] signo_handler: got signal 2
    2022-06-29T00:15:01.366727Z [32665] setVariable: set signal 62
    2022-06-29T00:15:01.366737Z [  414] csigno_handler: got signal 62
    2022-06-29T00:15:01.366740Z [  415] csigno_handler: got signal 62
    2022-06-29T00:15:01.366748Z [  417] csigno_handler: got signal 62
    2022-06-29T00:15:01.366755Z [  416] csigno_handler: got signal 62
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    2022-06-29T00:45:01.214080Z [ 3940] signo_handler: got signal 2
    2022-06-29T00:45:01.214120Z [ 3940] setVariable: set signal 62
    2022-06-29T00:45:01.214136Z [32665] signo_handler: got signal 2
    2022-06-29T00:45:01.214175Z [32665] setVariable: set signal 62
    2022-06-29T00:45:01.214181Z [  414] csigno_handler: got signal 62
    2022-06-29T00:45:01.214189Z [  416] csigno_handler: got signal 62
    2022-06-29T00:45:01.214188Z [  415] csigno_handler: got signal 62
    2022-06-29T00:45:01.214205Z [  417] csigno_handler: got signal 62
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    2022-06-29T03:00:06.288828Z [ 3940] signo_handler: got signal 2
    2022-06-29T03:00:06.288875Z [ 3940] setVariable: set signal 62
    2022-06-29T03:00:06.288891Z [32665] signo_handler: got signal 2
    2022-06-29T03:00:06.288939Z [32665] setVariable: set signal 62
    2022-06-29T03:00:06.288948Z [  415] csigno_handler: got signal 62
    2022-06-29T03:00:06.288956Z [  416] csigno_handler: got signal 62
    2022-06-29T03:00:06.288958Z [  417] csigno_handler: got signal 62
    2022-06-29T03:00:06.288967Z [  414] csigno_handler: got signal 62
    2022-06-29T05:00:06.724229Z [ 3940] signo_handler: got signal 2
    2022-06-29T05:00:06.724268Z [ 3940] setVariable: set signal 62
    2022-06-29T05:00:06.724281Z [32665] signo_handler: got signal 2
    2022-06-29T05:00:06.724307Z [32665] setVariable: set signal 62
    2022-06-29T05:00:06.724318Z [  414] csigno_handler: got signal 62
    2022-06-29T05:00:06.724321Z [  416] csigno_handler: got signal 62
    2022-06-29T05:00:06.724327Z [  417] csigno_handler: got signal 62
    2022-06-29T05:00:06.724333Z [  415] csigno_handler: got signal 62
    2022-06-29T05:00:06.799768Z [ 3940] signo_handler: got signal 2
    2022-06-29T05:00:06.799800Z [ 3940] setVariable: set signal 62
    2022-06-29T05:00:06.799813Z [32665] signo_handler: got signal 2
    2022-06-29T05:00:06.799838Z [32665] setVariable: set signal 62
    2022-06-29T05:00:06.799849Z [  414] csigno_handler: got signal 62
    2022-06-29T05:00:06.799853Z [  416] csigno_handler: got signal 62
    2022-06-29T05:00:06.799856Z [  417] csigno_handler: got signal 62
    2022-06-29T05:00:06.799861Z [  415] csigno_handler: got signal 62
    2022-06-29T05:00:06.874855Z [ 3940] signo_handler: got signal 2
    2022-06-29T05:00:06.874888Z [ 3940] setVariable: set signal 62
    2022-06-29T05:00:06.874900Z [32665] signo_handler: got signal 2
    2022-06-29T05:00:06.874925Z [32665] setVariable: set signal 62
    2022-06-29T05:00:06.874939Z [  416] csigno_handler: got signal 62
    2022-06-29T05:00:06.874936Z [  414] csigno_handler: got signal 62
    2022-06-29T05:00:06.874944Z [  417] csigno_handler: got signal 62
    2022-06-29T05:00:06.874950Z [  415] csigno_handler: got signal 62
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    2022-06-29T06:00:01.402195Z [ 3940] signo_handler: got signal 2
    2022-06-29T06:00:01.402239Z [ 3940] setVariable: set signal 62
    2022-06-29T06:00:01.402260Z [32665] signo_handler: got signal 2
    2022-06-29T06:00:01.402286Z [32665] setVariable: set signal 62
    2022-06-29T06:00:01.402298Z [  414] csigno_handler: got signal 62
    2022-06-29T06:00:01.402302Z [  416] csigno_handler: got signal 62
    2022-06-29T06:00:01.402308Z [  417] csigno_handler: got signal 62
    2022-06-29T06:00:01.402312Z [  415] csigno_handler: got signal 62
    UST sessiontbl_get_tuple API returned -1
    2022-06-29T08:00:00.236138Z [ 3940] signo_handler: got signal 2
    2022-06-29T08:00:00.334452Z [ 3940] setVariable: set signal 62
    2022-06-29T08:00:00.334466Z [32665] signo_handler: got signal 2
    2022-06-29T08:00:00.334502Z [32665] setVariable: set signal 62
    2022-06-29T08:00:00.334526Z [  417] csigno_handler: got signal 62
    2022-06-29T08:00:00.334529Z [  416] csigno_handler: got signal 62
    2022-06-29T08:00:00.334535Z [  415] csigno_handler: got signal 62
    2022-06-29T08:00:00.337602Z [  414] csigno_handler: got signal 62
    2022-06-29T08:00:00.390581Z [ 3940] signo_handler: got signal 2
    2022-06-29T08:00:00.390618Z [ 3940] setVariable: set signal 62
    2022-06-29T08:00:00.390629Z [32665] signo_handler: got signal 2
    2022-06-29T08:00:00.390662Z [32665] setVariable: set signal 62
    2022-06-29T08:00:00.390669Z [  414] csigno_handler: got signal 62
    2022-06-29T08:00:00.390670Z [  415] csigno_handler: got signal 62
    2022-06-29T08:00:00.390680Z [  417] csigno_handler: got signal 62
    2022-06-29T08:00:00.390688Z [  416] csigno_handler: got signal 62
    2022-06-29T08:00:01.043840Z [ 3940] signo_handler: got signal 2
    2022-06-29T08:00:01.043884Z [ 3940] setVariable: set signal 62
    2022-06-29T08:00:01.043900Z [32665] signo_handler: got signal 2
    2022-06-29T08:00:01.043935Z [32665] setVariable: set signal 62
    2022-06-29T08:00:01.043949Z [  415] csigno_handler: got signal 62
    2022-06-29T08:00:01.043953Z [  417] csigno_handler: got signal 62
    2022-06-29T08:00:01.043953Z [  416] csigno_handler: got signal 62
    2022-06-29T08:00:01.043989Z [  414] csigno_handler: got signal 62
    2022-06-29T08:19:55.138631Z [  415/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.85:41308 to 52.94.234.174:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T09:00:01.295145Z [ 3940] signo_handler: got signal 2
    2022-06-29T09:00:01.295190Z [ 3940] setVariable: set signal 62
    2022-06-29T09:00:01.295209Z [32665] signo_handler: got signal 2
    2022-06-29T09:00:01.295246Z [32665] setVariable: set signal 62
    2022-06-29T09:00:01.295257Z [  414] csigno_handler: got signal 62
    2022-06-29T09:00:01.295262Z [  416] csigno_handler: got signal 62
    2022-06-29T09:00:01.295267Z [  417] csigno_handler: got signal 62
    2022-06-29T09:00:01.295291Z [  415] csigno_handler: got signal 62
    2022-06-29T09:00:06.401542Z [ 3940] signo_handler: got signal 2
    2022-06-29T09:00:06.401576Z [ 3940] setVariable: set signal 62
    2022-06-29T09:00:06.401588Z [32665] signo_handler: got signal 2
    2022-06-29T09:00:06.401618Z [32665] setVariable: set signal 62
    2022-06-29T09:00:06.401624Z [  414] csigno_handler: got signal 62
    2022-06-29T09:00:06.401630Z [  415] csigno_handler: got signal 62
    2022-06-29T09:00:06.401637Z [  417] csigno_handler: got signal 62
    2022-06-29T09:00:06.401641Z [  416] csigno_handler: got signal 62
    2022-06-29T09:00:06.481418Z [ 3940] signo_handler: got signal 2
    2022-06-29T09:00:06.481451Z [ 3940] setVariable: set signal 62
    2022-06-29T09:00:06.481463Z [32665] signo_handler: got signal 2
    2022-06-29T09:00:06.481491Z [32665] setVariable: set signal 62
    2022-06-29T09:00:06.481499Z [  414] csigno_handler: got signal 62
    2022-06-29T09:00:06.481502Z [  415] csigno_handler: got signal 62
    2022-06-29T09:00:06.481509Z [  417] csigno_handler: got signal 62
    2022-06-29T09:00:06.481517Z [  416] csigno_handler: got signal 62
    2022-06-29T10:52:01.357913Z [ 3940] signo_handler: got signal 256
    2022-06-29T10:52:01.359235Z [ 3940] setVariable: set signal 55
    2022-06-29T10:52:01.359292Z [32665] signo_handler: got signal 256
    2022-06-29T10:52:01.359337Z [32665] setVariable: set signal 55
    2022-06-29T10:52:01.359347Z [  468/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:01.359355Z [  466/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:01.359364Z [  465/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:01.363757Z [  467/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:21.743245Z [ 3940] signo_handler: got signal 256
    2022-06-29T10:52:21.743282Z [ 3940] setVariable: set signal 55
    2022-06-29T10:52:21.743325Z [32665] signo_handler: got signal 256
    2022-06-29T10:52:21.743353Z [32665] setVariable: set signal 55
    2022-06-29T10:52:21.743367Z [  467/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:21.743376Z [  468/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:21.743374Z [  465/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:52:21.743371Z [  466/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:57:55.290438Z [ 3940] signo_handler: got signal 2
    2022-06-29T10:57:55.290472Z [ 3940] setVariable: set signal 62
    2022-06-29T10:57:55.291391Z [32665] signo_handler: got signal 2
    2022-06-29T10:57:55.291437Z [32665] setVariable: set signal 62
    2022-06-29T10:57:55.291458Z [  417] csigno_handler: got signal 62
    2022-06-29T10:57:55.291454Z [  415] csigno_handler: got signal 62
    2022-06-29T10:57:55.291468Z [  416] csigno_handler: got signal 62
    2022-06-29T10:57:55.291494Z [  414] csigno_handler: got signal 62
    2022-06-29T10:57:55.434360Z [ 3940] signo_handler: got signal 256
    2022-06-29T10:57:55.690526Z [ 3940] setVariable: set signal 55
    2022-06-29T10:57:55.690639Z [32665] signo_handler: got signal 256
    2022-06-29T10:57:55.690671Z [32665] setVariable: set signal 55
    2022-06-29T10:57:55.690735Z [  468/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:57:55.690744Z [  466/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:57:55.695740Z [  465/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:57:55.695740Z [  467/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:57:56.006836Z [ 3940] signo_handler: got signal 2
    2022-06-29T10:57:56.006876Z [ 3940] setVariable: set signal 62
    2022-06-29T10:57:56.006894Z [32665] signo_handler: got signal 2
    2022-06-29T10:57:56.006924Z [32665] setVariable: set signal 62
    2022-06-29T10:57:56.006931Z [  416] csigno_handler: got signal 62
    2022-06-29T10:57:56.006931Z [  415] csigno_handler: got signal 62
    2022-06-29T10:57:56.006937Z [  417] csigno_handler: got signal 62
    2022-06-29T10:57:56.006947Z [  414] csigno_handler: got signal 62
    2022-06-29T10:58:05.968900Z [ 3940] signo_handler: got signal 256
    2022-06-29T10:58:05.968940Z [ 3940] setVariable: set signal 55
    2022-06-29T10:58:05.968962Z [32665] signo_handler: got signal 256
    2022-06-29T10:58:05.968990Z [32665] setVariable: set signal 55
    2022-06-29T10:58:05.968999Z [  468/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:58:05.969001Z [  466/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:58:05.968997Z [  465/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T10:58:05.969012Z [  467/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
    2022-06-29T11:00:00.424291Z [ 3940] signo_handler: got signal 2
    2022-06-29T11:00:00.424338Z [ 3940] setVariable: set signal 62
    2022-06-29T11:00:00.424362Z [32665] signo_handler: got signal 2
    2022-06-29T11:00:00.424389Z [32665] setVariable: set signal 62
    2022-06-29T11:00:00.424406Z [  417] csigno_handler: got signal 62
    2022-06-29T11:00:00.424405Z [  416] csigno_handler: got signal 62
    2022-06-29T11:00:00.424406Z [  414] csigno_handler: got signal 62
    2022-06-29T11:00:00.424412Z [  415] csigno_handler: got signal 62
    2022-06-29T11:00:00.519353Z [ 3940] signo_handler: got signal 2
    2022-06-29T11:00:00.519386Z [ 3940] setVariable: set signal 62
    2022-06-29T11:00:00.519398Z [32665] signo_handler: got signal 2
    2022-06-29T11:00:00.519424Z [32665] setVariable: set signal 62
    2022-06-29T11:00:00.519431Z [  415] csigno_handler: got signal 62
    2022-06-29T11:00:00.519441Z [  416] csigno_handler: got signal 62
    2022-06-29T11:00:00.519456Z [  414] csigno_handler: got signal 62
    2022-06-29T11:00:00.519476Z [  417] csigno_handler: got signal 62
    2022-06-29T11:00:00.610113Z [ 3940] signo_handler: got signal 2
    2022-06-29T11:00:00.610146Z [ 3940] setVariable: set signal 62
    2022-06-29T11:00:00.610158Z [32665] signo_handler: got signal 2
    2022-06-29T11:00:00.610184Z [32665] setVariable: set signal 62
    2022-06-29T11:00:00.610193Z [  415] csigno_handler: got signal 62
    2022-06-29T11:00:00.610195Z [  416] csigno_handler: got signal 62
    2022-06-29T11:00:00.610206Z [  417] csigno_handler: got signal 62
    2022-06-29T11:00:00.610193Z [  414] csigno_handler: got signal 62
    2022-06-29T11:01:05.234796Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63529 to 51.105.37.195:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T11:02:41.849397Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63571 to 51.105.37.195:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T11:03:30.264904Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63600 to 52.98.145.98:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T11:09:00.534041Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63681 to 52.113.195.132:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T11:11:33.240292Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63720 to 52.98.207.130:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T11:26:18.401880Z [  416/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63959 to 52.113.205.28:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    2022-06-29T11:54:36.085181Z [  414/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:64400 to 51.105.37.195:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    UST sessiontbl_get_tuple API returned -1
    2022-06-29T12:35:47.723174Z [  416]:DAQ:INFO:daq_lwp.c:2122(transmit_pkts_for_session)--> [S:42.22058]Max retransmit limit hit, pkt len 1492, dir 1, eof 0. Sending notification to Snort
    

    Thanks,

         Paul
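
Added example, not part of the original posts: an offline triage pass over an ips.log in the format shown above, which counts the repetitive records and pulls out the `__nsg_error` flow records grouped by source and destination. The category names and the `classify` and `summarize` helpers are this example's own; the sample lines are copied from the log in the post.

```python
import re
from collections import Counter

# "<UTC timestamp> [<thread id>[/0x..]]<rest>", as seen in the posted ips.log
TS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+Z)\s+"
    r"\[\s*(?P<tid>\d+)(?:/0x[0-9a-fA-F]+)?\]\s*(?P<rest>.*)$")
# "<src>:<port> to <dst>:<port>: Error from nse: <detail>" (__nsg_error records)
FLOW_RE = re.compile(
    r"__nsg_error\]\s+(?P<src>[^\s:]+):(?P<sport>\d+) to "
    r"(?P<dst>[^\s:]+):(?P<dport>\d+): Error from nse: (?P<detail>.*)$")

def classify(line):
    """Return (category, fields) for one log line; categories are this example's own."""
    line = line.strip()
    if not line:
        return "blank", {}
    m = TS_RE.match(line)
    if m is None:                      # e.g. the "UST ..." lines carry no timestamp
        return "untimestamped", {"text": line}
    rest = m["rest"]
    f = FLOW_RE.search(rest)
    if f:
        return "flow_error", {"ts": m["ts"], **f.groupdict()}
    if "signo_handler" in rest or "setVariable: set signal" in rest:
        return "signal", {"ts": m["ts"]}
    if "nsg_web_config_reload" in rest:
        return "config_reload", {"ts": m["ts"]}
    if rest.startswith(":DAQ:"):
        return "daq", {"ts": m["ts"], "text": rest}
    return "other", {"ts": m["ts"], "text": rest}

def summarize(text):
    """Count every category; keep only the records worth reading individually."""
    counts, by_src, by_dst, keep = Counter(), Counter(), Counter(), []
    for line in text.splitlines():
        cat, fields = classify(line)
        if cat == "blank":
            continue
        counts[cat] += 1
        if cat == "flow_error":
            by_src[fields["src"]] += 1
            by_dst[f'{fields["dst"]}:{fields["dport"]}'] += 1
        if cat in ("flow_error", "daq", "other"):
            keep.append((cat, fields))
    return {"counts": counts, "by_src": by_src, "by_dst": by_dst, "records": keep}

# Sample input: ten lines copied from the log posted above (addresses as anonymised there).
SAMPLE = """\
2022-06-29T08:00:01.043840Z [ 3940] signo_handler: got signal 2
2022-06-29T08:00:01.043884Z [ 3940] setVariable: set signal 62
2022-06-29T08:00:01.043949Z [  415] csigno_handler: got signal 62
2022-06-29T08:19:55.138631Z [  415/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.85:41308 to 52.94.234.174:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
2022-06-29T10:52:01.359347Z [  468/0x0] [nsg_web_config_reload.c:91:process_sig_event] [32665] signal: Real-time signal 21
2022-06-29T11:01:05.234796Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63529 to 51.105.37.195:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
2022-06-29T11:02:41.849397Z [  417/0x0] [nsg_nse_policy.c:1572:__nsg_error] 10.XX.YY.74:63571 to 51.105.37.195:443: Error from nse: NSE:Internal [0xb0000586;code:134;sub:5] Flow timeout
UST sessiontbl_get_tuple API returned -1
UST sessiontbl_get_tuple API returned -1
2022-06-29T12:35:47.723174Z [  416]:DAQ:INFO:daq_lwp.c:2122(transmit_pkts_for_session)--> [S:42.22058]Max retransmit limit hit, pkt len 1492, dir 1, eof 0. Sending notification to Snort
"""

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(dict(result["counts"]))
    print(result["by_src"].most_common(), result["by_dst"].most_common())
```

Run over the full log posted above, the same grouping shows seven of the eight Flow timeout records coming from 10.XX.YY.74, all of them to port 443 destinations.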

  • Check the status of the IPS service logs, whether in debug or not:
    > service -S | grep ips
    =============================
    Also check the following in the device console: 
    console> system diagnostics show disk

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 
