RE: identify spikes in traffic, ssl/tls and sessions before outage

Erick Jan — Wed, 19 Apr 2023 15:44:06 GMT

Hi Maximillian,

Thank you for reaching out to Sophos Community.

In the Log viewer, check the Firewall and IPS sections around the time of the incident if there was a spike. There may be additional hints about the problematic source.

Also, you may want to check the following to troubleshoot the cause for future reference.

1.Check system graph on WEB UI
System graphs must cover the time of sudden reboot/crash, and "live graph" is preferred over "Today", preferred over "Last 48 hours"
2. Core Dump
ls -lh /var/cores

3. Check %CPU and Service with highest utilization by typing

top
to exit click ctrl+c
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/134787/sophos-firewall-understanding-top-and-atop-command-in-xg-utm

You may also raise a ticket to Sophos Support for further assistance via the link https://soph.so/SophosSupport