Hi
On XG650, fwlog service is stopped. when I try to restart the service manually by command "service fwlog:start -ds nosync", service starts and immediately stops again.
Here is what I see on fwlog.log when I try to restart the service:
NOTICE: Netlink socket buffer size has been set to 8388608 bytes.
WARNING: We have hit ENOBUFS! We are losing events.
This message means that the current netlink socket buffer size is too small.
Please, check --buffer-size in conntrack(8) manpage.
conntrack v1.4.5 (conntrack-tools): Operation failed: No buffer space available
gr_io: Resource temporarily unavailable, after retrying 5 times
gr_io: Resource temporarily unavailable, after retrying 5 times
gr_io: Resource temporarily unavailable, after retrying 5 times
gr_io: Resource temporarily unavailable, after retrying 5 times
We have another issue on same device that I'm not sure if it is related to above issue:
I have noticed reports are not generated for some users. To test and confirm this issue:
1- Created a test identity based firewall rule with a test username and enabled logging and app and web filter policy to generate web and app reports.
2- Created a TLS inspection rule for same source test machine and verified that sophos_ssl_ca certificate is trusted by client to make sure we have full reporting on tls encrypted traffic
3- Dowloaded over 1 GB of file and waited over 1 hour for generating related report on sophos firrewall on box reporting.
4- Checked web risk&usage, app risk&usage and user data transfer. None of them showed that same test user has downloaded over 1GB. For web and app reports, there was only report for few KB of data and there was no report on user data transfer report.
This thread was automatically locked due to age.