v19 VMware disk usage, reporting full

Question

I've deployed VI-19.0.0_GA.VMW-317.zip last Sunday and migrated SFOS 19.0.0 GA-Build317 from old SFV4C6 to this new one (because of swap problems). Veeam ONE Monitor starts to send Guest disk space "/var" alarms today. It looks like SFOS v. 19 image has much less space for /var than v. 18.5. (along to https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/f/discussions/133616/v19-hyperv-disk-usage-reporting-full ). 
 
 SFV4C6_VM01_SFOS 19.0.0 GA-Build317# fdisk -l Disk /dev/sda: 16 GB, 17179869184 bytes, 33554432 sectors 2088 cylinders, 255 heads, 63 sectors/track Units: sectors of 1 * 512 = 512 bytes Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id Type /dev/sda1 1023,254,63 1023,254,63 33144832 33423359 278528 136M 83 Linux /dev/sda2 1023,254,63 1023,254,63 33423360 33554431 131072 64.0M 83 Linux Disk /dev/sdb: 80 GB, 85899345920 bytes, 167772160 sectors 10443 cylinders, 255 heads, 63 sectors/track Units: sectors of 1 * 512 = 512 bytes Disk /dev/sdb doesn't contain a valid partition table 
 SFV4C6_VM01_SFOS 19.0.0 GA-Build317# df -h Filesystem Size Used Available Use% Mounted on none 640.6M 11.6M 582.3M 2% / none 2.9G 24.0K 2.9G 0% /dev none 2.9G 16.9M 2.9G 1% /tmp none 2.9G 14.7M 2.9G 0% /dev/shm /dev/boot 127.7M 26.6M 98.4M 21% /boot /dev/mapper/mountconf 560.3M 93.4M 462.9M 17% /conf /dev/content 11.8G 493.4M 11.3G 4% /content /dev/var 3.7G 3.5G 174.5M 95% /var 
 SFV4C6_VM01_SFOS 19.0.0 GA-Build317# df -m /var Filesystem 1M-blocks Used Available Use% Mounted on /dev/var 3776 3589 170 95% /var 
 SFV4C6_VM01_SFOS 19.0.0 GA-Build317# du -d 1 -m /var/|sort -nr|head 2995 /var/ 945 /var/tslog 742 /var/newdb 565 /var/eventlogs 218 /var/savi 204 /var/tmp 192 /var/avira4 46 /var/sasi 24 /var/conan_new 24 /var/conan 
 
 BTW I have no idea why "df -m /var" differs from "du =ms /var". 
 
 SFV4C6_VM01_SFOS 19.0.0 GA-Build317# df -m /var/ && du -ms /var/ Filesystem 1M-blocks Used Available Use% Mounted on /dev/var 3776 3561 199 95% /var 2967 /var/ 
 
 It could be resolved on v19 MR-1 but I can't see it in Resolved issues . Anyway I get "No records found" if I check for new firmware. 
 I've tried to find how to purge report logs but firewall help is not very instructive. What is the recommended procedure?

bobbylam · Accepted Answer

Hi all, 
 We have now posted the v19.0 MR1 installers at https://support.sophos.com/support/s/article/KB-000043162?language=en_US . 
 Like Luca said, this issue affects VMs which were deployed with the v19.0 GA installer. If you re-deploy the VM using this MR1 installer, it would resolve the issue. 
 I understand re-deploying a VM is sizeable effort, so in the meantime we're trying to find another solution to dynamically grow the partition size on a running VM without re-deploying as well.

LuCar Toni · Answer

I will not respond to this thread anymore, as i cannot help you any further. 
 All information are available. The bug is fixed. You need to reinstall with the new V19.0 MR1 installer or an old installer.

LuCar Toni · Answer

It is fixed in MR1. The Build Version does not matter. You should have access to V19.0 MR1 in your Licensing Portal. community.sophos.com/.../sophos-firewall-v19-mr1-re_2d00_release-build-365-is-now-available

__________________________________________________________________________________________________________________

LuCar Toni · Answer

Let me rephrase this: 
 There are different points. And you are starting to mix up certain points: 
 First of all, there are Bugs, which let the /var/ partition fill up. Those root causes are fixed in V19.0 MR1. So the /var/ is not increasing "unexpectedly". Due the fact, that /var/ is used for other things like reporting, it is natural to increase over time, but will be flushed after a while by the settings of the system (Report settings). This is fixed by NC-94291 & NC-100679 - So no unexpected increase of /var/. 
 The current ISO of V19.0 MR1 is not available due the fact, V19.0 MR1 got a respin. Therefore we do not want to push Build350 to the public anymore. The team is currently working on getting ISOs pushed out. The problem is: You have regulations, which has to be hit (Software Export compliance etc.). 
 You can install V18.5 MR4 and upgrade to V19.0 MR1 with the SIG File, you find on your portal. V19.0 MR1 is not available for machines via up2date. And i posted no advise to "restore" the backup. I talked about do a V18.5 MR4 installation, upgrade it and then restore. Maybe this was not clear from my end.

v19 VMware disk usage, reporting full

Top Replies