This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos xg log viewer not working

Hello, Since installing the latest version of SFOS Firmware 19.0.0 GA-Build317, I found that reports they are no longer functional since 2022-07-29 13:12:22 , how I should do to solve this problem , this is the first time I have encountered this kind of bug, I have a Sophos XG230,

Thanks in advance

This thread was automatically locked due to age.

Top Replies

Karlos over 3 years ago +1 suggested

Hi ADEL HAMDIPACHA1 , I would start by doing some basic troubleshooting for your on-box reporting in case some of your settings were not transferred post-upgrade: Sophos Firewall: Troubleshoot on-box…

0 Karlos over 3 years ago

Hi ADEL HAMDIPACHA1,

I would start by doing some basic troubleshooting for your on-box reporting in case some of your settings were not transferred post-upgrade: Sophos Firewall: Troubleshoot on-box reporting issues

Thanks,

Karlos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.

0 ADEL HAMDIPACHA1 over 3 years ago in reply to Karlos

Hello Karlos,

thank you for your support, we follow your advice, I think I have a problem the latest version of the Firmware, attached screenshot,

Merci d'avance ,

0 Bharat J over 3 years ago in reply to ADEL HAMDIPACHA1

Hi ADEL HAMDIPACHA1,

Please Go to System-->Admininstration --->Backup and Firmware -->Firmware and share the status of the firmware shown on GUI?

Regards

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
+1 Vivek Jagad over 3 years ago in reply to ADEL HAMDIPACHA1
Hello ADEL HAMDIPACHA1,

Thank you for the update, looks like it failed to migrate reportdb...

You can reset the reporting database. This will require a reboot and all reporting data will be lost.

Flushing device reports from CLI

Access the firewall's console via SSH.

Select option 5 for Device Management.

Select option 4 to Flush Device Reports.

Type in y to continue flushing the device reports.
Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
0 Mayur Patel over 3 years ago in reply to ADEL HAMDIPACHA1

Hi ADEL HAMDIPACHA1

Can you share log files to check the cause of the said issue?

/log/reportdb/.log

/log/reportmigration.log

/log/migration.log

Thanks & Regards,

Mayur Patel | Senior Software Engineer 2
0 ADEL HAMDIPACHA1 over 3 years ago in reply to Vivek Jagad

hello Vivek Jagad ;

thank you for your support it worked, but the problem of Log viewer which still persists, it does not display the information it is still blocked since 07/29/2022
0 ADEL HAMDIPACHA1 over 3 years ago in reply to Bharat J

hello Bharat ,

here is a screenshot,

thanks ,
0 Vivek Jagad over 3 years ago in reply to ADEL HAMDIPACHA1

Hello ADEL HAMDIPACHA1,

Thank you for the update, glad it worked for you cheers !!
================================================
btw, can you share the screenshot of the log settings under the system services on the web gui ?
also can you share the screenshot of the data management under the reports > show reports settings ?
================================================
And lastly can you share the screenshot of the console> system diagnostics show disk

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
0 ADEL HAMDIPACHA1 over 3 years ago in reply to Vivek Jagad

hello Vivek Jagad ;

is there a possibility to see log viewer via CLI, in order to ensure the functioning of the service, Thank you
0 Vivek Jagad over 3 years ago in reply to ADEL HAMDIPACHA1

Nope, that would be different !!
======================
This looks okay can you share the rest of the settings ?
>  log settings under the system services on the web gui
>  data management under the reports > show reports settings

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case  | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.

0 ADEL HAMDIPACHA1 over 3 years ago in reply to Mayur Patel

bonjour , Mayur Patel, Vivek Jagad

here is some event (log), thank you

Fullscreen Log Sophos XG230 SFOS 19.0.1 MR-1-Build365 .txt Download

************************************************************************************************************************************************************


XG230_WP01_SFOS 19.0.1 MR-1-Build365# csc cuustom debug
MESSAGE   Sep 01 13:23:08Z  [csc:3581]: Restricted context is initialized succes                            sfully
ERROR     Sep 01 13:23:08Z  [csc:3581]: Unable to open file : /_conf/csc/bind_fi                            le_list No such file or directory
/_conf/csc/cscdbgopts.conf: No such file or directory
ERROR     Sep 01 13:23:08Z  [csc:3581]: read_conffile: Failed to read file '/_co                            nf/csc/cscdbgopts.conf'
ERROR     Sep 01 13:23:08Z  [csc:3581]: cscdbgopts_parse: Failed to read conffil                            e
ERROR     Sep 01 13:23:08Z  [csc:3581]: Parsing cscdbgopts failed !!!!
MESSAGE   Sep 01 13:23:08Z  [csc:3581]: Starting csc-0.0.0.15 with glibc: 2.27
ERROR     Sep 01 13:23:08Z  [csc:3581]: fopen(/etc/csc/csc.conf) failed: No such                             file or directory
CRITICAL  Sep 01 13:23:08Z  [csc:3581]: parse_conf_file: /etc/csc/csc.conf - No                             such file or directory
/etc/csc/csc.conf: ERROR syntax error
XG230_WP01_SFOS 19.0.1 MR-1-Build365# XG230_WP01_SFOS 19.0.1 MR-1-Build365# csc
cuustom debug
/bin/sh: XG230_WP01_SFOS: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# MESSAGE   Sep 01 13:23:08Z  [csc:3581]: Restricted context is initiali
zed succes                            sfully
/bin/sh: MESSAGE: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# ERROR     Sep 01 13:23:08Z  [csc:3581]: Unable to open file : /_conf/c
sc/bind_fi                            le_list No such file or directory
/bin/sh: ERROR: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# /_conf/csc/cscdbgopts.conf: No such file or directory
ERROR     Sep 01 13:23:08Z  [csc:3581]: Parsing cscdbgopts failed !!!!
MESSAGE   Sep 01 13:23:08Z  [csc:3581]: Starting csc-0.0.0.15 with glibc: 2.27
ERROR     Sep 01 13:23:08Z  [csc:3581]: fopen(/etc/csc/csc.conf) failed: No such                             file or directory
CRITICAL  Sep 01 13:23:08Z  [csc:3581]: parse_conf_file: /etc/csc/csc.conf - No                             such file or directory
/etc/csc/csc.conf: ERROR syntax error
/bin/sh: /_conf/csc/cscdbgopts.conf:: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# ERROR     Sep 01 13:23:08Z  [csc:3581]: read_conffile: Failed to read
file '/_co                            nf/csc/cscdbgopts.conf'
/bin/sh: ERROR: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# ERROR     Sep 01 13:23:08Z  [csc:3581]: cscdbgopts_parse: Failed to re
ad conffil                            e
/bin/sh: ERROR: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# ERROR     Sep 01 13:23:08Z  [csc:3581]: Parsing cscdbgopts failed !!!!
/bin/sh: ERROR: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# MESSAGE   Sep 01 13:23:08Z  [csc:3581]: Starting csc-0.0.0.15 with gli
bc: 2.27
/bin/sh: MESSAGE: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# ERROR     Sep 01 13:23:08Z  [csc:3581]: fopen(/etc/csc/csc.conf) faile
d: No such                             file or directory
/bin/sh: syntax error: unexpected "("
XG230_WP01_SFOS 19.0.1 MR-1-Build365# CRITICAL  Sep 01 13:23:08Z  [csc:3581]: parse_conf_file: /etc/csc/csc.
conf - No                             such file or directory
/bin/sh: CRITICAL: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# /etc/csc/csc.conf: ERROR syntax error
/bin/sh: /etc/csc/csc.conf:: not found

******************************************************************************

XG230_WP01_SFOS 19.0.1 MR-1-Build365# df -kh
Filesystem                Size      Used Available Use% Mounted on
none                    202.7M      2.7M    185.3M   1% /
none                      3.8G     16.0K      3.8G   0% /dev
none                      3.8G     14.5M      3.8G   0% /tmp
none                      3.8G     14.6M      3.8G   0% /dev/shm
/dev/boot               127.7M     39.3M     85.7M  31% /boot
/dev/mapper/mountconf
                        385.4M     74.6M    306.8M  20% /conf
/dev/content             10.3G    616.3M      9.7G   6% /content
/dev/var                 87.1G     17.2G     69.9G  20% /var
XG230_WP01_SFOS 19.0.1 MR-1-Build365#

******************************************************************************

XG230_WP01_SFOS 19.0.1 MR-1-Build365# /log/reportdb/.log
/bin/sh: /log/reportdb/.log: not found
XG230_WP01_SFOS 19.0.1 MR-1-Build365# tail /log/reportmigration.log
2022-08-28 21:24:27.384 GMT : Report db recovery start.
2022-08-28 21:24:27.811 GMT : Report db recovery finish.
2022-08-28 22:21:46.581 GMT : Report db recovery start.
2022-08-28 22:21:47.064 GMT : Report db recovery finish.
2022-08-28 22:35:18.556 GMT : Report db recovery start.
2022-08-28 22:35:18.847 GMT : Report db recovery finish.
2022-08-31 19:25:01.194 GMT : Report db recovery start.
2022-08-31 19:25:01.471 GMT : Report db recovery finish.
2022-08-31 19:48:24.364 GMT : Report db recovery start.
2022-08-31 19:48:24.663 GMT : Report db recovery finish.

******************************************************************************

/log/migration.log
/bin/sh: /log/migration.log: Permission denied

******************************************************************************

/log/reportdb/.log
/bin/sh: /log/reportdb/.log: not found

**********************************************************************************************************************************************************************************************

XG230_WP01_SFOS 19.0.1 MR-1-Build365# tail -30 /log/reportdb.log
12827 2022-08-31 20:01:37.597 GMTLOG:  could not receive data from client: Connection reset by peer
5458 2022-08-31 20:01:37.597 GMTLOG:  unexpected EOF on client connection with an open transaction
5446 2022-08-31 20:01:37.598 GMTLOG:  unexpected EOF on client connection with an open transaction
5444 2022-08-31 20:01:37.599 GMTLOG:  unexpected EOF on client connection with an open transaction
10186 2022-08-31 22:32:29.956 GMTERROR:  canceling statement due to user request
10186 2022-08-31 22:32:29.956 GMTSTATEMENT:  INSERT INTO available_fwapplicationv7_1661974802 (time,applicati                on,username,destipv6,hostipv6,ruleid,hits,upload,download,hostcountry,destcountry,risk,technology,category,ed                uusergroup,srczonename,srczonetype,destzonename,destzonetype,appresolver,app_id,classification,is_cloud_appli                cation,app_parent,in_interface,parent_cat_id) VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,                $17,$18,$19,$20,$21,$22,$23,$24,$25,$26)
10955 2022-08-31 23:00:59.688 GMTERROR:  relation "tbl_device_eventv5_4hr_ts_202209" does not exist at charac                ter 13
10955 2022-08-31 23:00:59.688 GMTQUERY:  insert into tbl_device_eventv5_4hr_ts_202209  values('2022-09-01 00:                00:59.687063' ,'Blocked Web',0)
10955 2022-08-31 23:00:59.688 GMTCONTEXT:  PL/pgSQL function denied_web_proc_012() line 35 at EXECUTE stateme                nt
10955 2022-08-31 23:00:59.688 GMTSTATEMENT:   Select denied_web_proc_012();
10957 2022-08-31 23:00:59.694 GMTERROR:  relation "tbl_device_eventv5_4hr_ts_202209" does not exist at charac                ter 13
10957 2022-08-31 23:00:59.694 GMTQUERY:  insert into tbl_device_eventv5_4hr_ts_202209 values('2022-09-01 00:0                0:59.692852' ,'IPS Attack',0)
10957 2022-08-31 23:00:59.694 GMTCONTEXT:  PL/pgSQL function ips_alerts_proc_010() line 48 at EXECUTE stateme                nt
10957 2022-08-31 23:00:59.694 GMTSTATEMENT:   Select  ips_alerts_proc_010();
10960 2022-08-31 23:00:59.699 GMTERROR:  relation "tbl_device_eventv5_4hr_ts_202209" does not exist at charac                ter 13
10960 2022-08-31 23:00:59.699 GMTQUERY:  insert into tbl_device_eventv5_4hr_ts_202209 values('2022-09-01 00:0                0:59.697972' ,'Virus',0)
10960 2022-08-31 23:00:59.699 GMTCONTEXT:  PL/pgSQL function virus_proc_011() line 42 at EXECUTE statement
10960 2022-08-31 23:00:59.699 GMTSTATEMENT:   Select  virus_proc_011();
10958 2022-08-31 23:00:59.710 GMTERROR:  relation "tbl_device_eventv5_4hr_ts_202209" already exists
10958 2022-08-31 23:00:59.710 GMTCONTEXT:  SQL statement "CREATE TABLE tbl_device_eventv5_4hr_ts_202209(like                 tbl_device_eventv5_4hr) INHERITS (tbl_device_eventv5_4hr)"
        PL/pgSQL function mail_spam_proc_009() line 25 at EXECUTE statement
10958 2022-08-31 23:00:59.710 GMTSTATEMENT:   Select  mail_spam_proc_009();
10961 2022-08-31 23:00:59.710 GMTERROR:  relation "tbl_device_eventv5_4hr_ts_202209" already exists
10961 2022-08-31 23:00:59.710 GMTCONTEXT:  SQL statement "CREATE TABLE tbl_device_eventv5_4hr_ts_202209(like                 tbl_device_eventv5_4hr) INHERITS (tbl_device_eventv5_4hr)"
        PL/pgSQL function web_usage_proc_012() line 27 at EXECUTE statement
10961 2022-08-31 23:00:59.710 GMTSTATEMENT:   Select  web_usage_proc_012();
8682 2022-09-01 11:16:04.481 GMTERROR:  canceling statement due to user request
8682 2022-09-01 11:16:04.481 GMTSTATEMENT:  INSERT INTO available_fwapplicationv7_1661973604 (time,applicatio                n,username,destipv6,hostipv6,ruleid,hits,upload,download,hostcountry,destcountry,risk,technology,category,edu                usergroup,srczonename,srczonetype,destzonename,destzonetype,appresolver,app_id,classification,is_cloud_applic                ation,app_parent,in_interface,parent_cat_id) VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$                17,$18,$19,$20,$21,$22,$23,$24,$25,$26)
1380 2022-09-01 11:16:08.167 GMTLOG:  checkpoints are occurring too frequently (6 seconds apart)
1380 2022-09-01 11:16:08.167 GMTHINT:  Consider increasing the configuration parameter "checkpoint_segments".


******************************************************************************************************************************************************************************************************************************************