fwlog service stopped

Hi

On an XG650, the fwlog service is stopped. When I try to restart the service manually with the command "service fwlog:start -ds nosync", the service starts and immediately stops again.

Here is what I see on fwlog.log when I try to restart the service:

NOTICE: Netlink socket buffer size has been set to 8388608 bytes.

WARNING: We have hit ENOBUFS! We are losing events.

This message means that the current netlink socket buffer size is too small.

Please, check --buffer-size in conntrack(8) manpage.

conntrack v1.4.5 (conntrack-tools): Operation failed: No buffer space available

gr_io: Resource temporarily unavailable, after retrying 5 times

gr_io: Resource temporarily unavailable, after retrying 5 times

gr_io: Resource temporarily unavailable, after retrying 5 times

gr_io: Resource temporarily unavailable, after retrying 5 times

We have another issue on the same device, and I'm not sure whether it is related to the above issue:

I have noticed reports are not generated for some users. To test and confirm this issue:

1- Created a test identity-based firewall rule with a test username and enabled logging and an app and web filter policy to generate web and app reports.

2- Created a TLS inspection rule for the same source test machine and verified that the sophos_ssl_ca certificate is trusted by the client, to make sure we have full reporting on TLS-encrypted traffic.

3- Downloaded over 1 GB of file data and waited over 1 hour for the related report to be generated in the Sophos Firewall on-box reporting.

4- Checked web risk & usage, app risk & usage and user data transfer. None of them showed that the same test user had downloaded over 1 GB. For the web and app reports, there was only a report for a few KB of data, and there was no report in the user data transfer report.



  • I disabled all the logging for local reporting from System Services > Log Setting and then noticed it takes almost 1 minute for the service to stop, but enabling all the logs causes the service to stop almost immediately. I suspect something takes up all the buffer size and causes the service to stop, as this log suggests:
    WARNING: We have hit ENOBUFS! We are losing events. 

    This message means that the current netlink socket buffer size is too small.

    Please, check --buffer-size in conntrack(8) manpage.

    conntrack v1.4.5 (conntrack-tools): Operation failed: No buffer space available