SFOS 19.0.0 GA-Build317 : Log Viewer behavior

Firewall logs are generated for each packet that matched a firewall rule with logging enabled. So It's huge amount of logs and cannot be stored for a long period. To store these logs for an extended period, you should setup am external syslog server and configure firewall to send logs to that server.

Find related info here: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SystemServices/LogSettings/SyslogServerAdd/index.html

hello

I think it is bug in v19, because I have old server with SFOS V17.5.17 when I view in log viewer (Admin events) it shows all admin events.

But in v19 (time filter doesn't work) and even (admin events) only show events logged thru 10 minutes only,

(I tried all types of loges (admin, authentication, admin, etc. ..) , same problem only last logs in 10 minutes.

thanks a lot

that really sounds like an issue, because the log retentions is based on the log component. Logs with few entries can go back many days or weeks while firewall log will most likely get only ~ one day on high traffic machines.

So if you change a firewall rule now, the log is shown in Admin log, and after 15 minutes you will no longer find it there? also with other browser?

Just tried mine using the 30 minute on the firewall tab the display ended at 30 minutes.

What hardware version and how much data is processed by your XG?

ian

hello

I tried with different browsers (all modules logs) , same problem.

Hello

Testing Server :dell R510 with HDD (512 GB) with Sophos XG software (SFOS 19.0.0 GA-Build317) [(fresh installation using v19 iso with restore backup config ) not upgraded from v18]. 

and I can view admin events from reports, I saw all admin events for the last three month, But not in log viewer (only last 10 minutes).

I did System Check :

System diagnostics show disk
Partition Utilization(%)
===============================
configuration 9%
content 1%
report 7%

Notes:

1- Fresh installation not upgraded

2- I tried all browsers.

3- I have another server But upgraded from v18 to v19 :  log viewer works perfect and there are no problems.

So I think the problem is If we install fresh SFOS using v19 iso.

thanks

So the current behavior of Logviewer shows you the recent Logs. You can scroll down and this will show you more until the logviewer will rotate. 

There was a bug in the old EAP version, which broke this behavior. This means, there was only a specific time frame. But it should be fixed. 

If you go to a rarely used module, are you sure about the data contained? 

A new build does not restore logs from a backup,

Ian

hello

I mean restore configurations from backup, not logs, it is clean v19 installation with restore configurations.

hello

Scrolling is working, for example firewall logs I can scroll down [it disabled live show] and I can view many pages but within 10 minutes.

But admin or system events it always show last events within certain time.

for example: I accesses log viewer at 11:05, it show logs from 11:05 to 10:46 , all modules.

even I view (standard or details view) same logs are viewed.

As I guessed before server with V18 to v19 upgrade no problems, But New installation with (SW-19.0.0_GA-317.iso) have these problems.

thanks