I have server with SFOS v19, I am confused about log viewer. I think that it always show only logs in 10 minutes window.
I tried to change time filter (all records ,last 4 hours, 60 minutes, etc.) but it doesn't work .
I can only view firewall logs for last 10 minutes, what If I want to view firewall module logs three days or month ago, is this possible ?
or I can view them from another place like reports tab.
can anyone explain the limits of log viewer.
thanks a lot
Firewall logs are generated for each packet that matched a firewall rule with logging enabled. So It's huge amount of logs and cannot be stored for a long period. To store these logs for an extended period…
Firewall logs are generated for each packet that matched a firewall rule with logging enabled. So It's huge amount of logs and cannot be stored for a long period. To store these logs for an extended period, you should setup am external syslog server and configure firewall to send logs to that server.
Find related info here: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SystemServices/LogSettings/SyslogServerAdd/index.html
I think it is bug in v19, because I have old server with SFOS V17.5.17 when I view in log viewer (Admin events) it shows all admin events.
But in v19 (time filter doesn't work) and even (admin events) only show events logged thru 10 minutes only,
(I tried all types of loges (admin, authentication, admin, etc. ..) , same problem only last logs in 10 minutes.
that really sounds like an issue, because the log retentions is based on the log component. Logs with few entries can go back many days or weeks while firewall log will most likely get only ~ one day on high traffic machines.
So if you change a firewall rule now, the log is shown in Admin log, and after 15 minutes you will no longer find it there? also with other browser?
Just tried mine using the 30 minute on the firewall tab the display ended at 30 minutes.
What hardware version and how much data is processed by your XG?
XG115W - v19.0.1 mr-1 - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
If a post solves your question please use the 'Verify Answer' button.
I tried with different browsers (all modules logs) , same problem.
Testing Server :dell R510 with HDD (512 GB) with Sophos XG software (SFOS 19.0.0 GA-Build317) [(fresh installation using v19 iso with restore backup config ) not upgraded from v18].
and I can view admin events from reports, I saw all admin events for the last three month, But not in log viewer (only last 10 minutes).
I did System Check :
System diagnostics show diskPartition Utilization(%)===============================configuration 9%content 1%report 7%
1- Fresh installation not upgraded
2- I tried all browsers.
3- I have another server But upgraded from v18 to v19 : log viewer works perfect and there are no problems.
So I think the problem is If we install fresh SFOS using v19 iso.
So the current behavior of Logviewer shows you the recent Logs. You can scroll down and this will show you more until the logviewer will rotate.
There was a bug in the old EAP version, which broke this behavior. This means, there was only a specific time frame. But it should be fixed.
If you go to a rarely used module, are you sure about the data contained?
A new build does not restore logs from a backup,
I mean restore configurations from backup, not logs, it is clean v19 installation with restore configurations.
Scrolling is working, for example firewall logs I can scroll down [it disabled live show] and I can view many pages but within 10 minutes.
But admin or system events it always show last events within certain time.
for example: I accesses log viewer at 11:05, it show logs from 11:05 to 10:46 , all modules.
even I view (standard or details view) same logs are viewed.
As I guessed before server with V18 to v19 upgrade no problems, But New installation with (SW-19.0.0_GA-317.iso) have these problems.