IPS live log - 8 Minutes to get logs

Hi, on my appliances, it opens quickly, but does it delivery data back or an empty view? 

You are lucky, Luca.

For application, the list is empty. For the IPS engine, the list is not empty.

Live log makes me crying, Luca! It is very bad and useless for small appliances. It is not the first one I see where you need to wait or close and open the pop-up log viewer window.

You are lucky, Luca.

For application, the list is empty. For the IPS engine, the list is not empty.

Live log makes me crying, Luca! It is very bad and useless for small appliances. It is not the first one I see where you need to wait or close and open the pop-up log viewer window.

Hello Luk,

what type of hard drive does have your HW appliance? 

A similar behavior was observed with the hardware appliance in the case of conventional rotary disks, typically 2.5 "notebook hard drives with 5400 rpm. All Sophos HW appliances have SSDs (only XG86 has 16GB eMMC), so I would assume that developers assume they all use SSDs only. So the developers (in my opinion) do not really try to optimize disk operations during v18 development. And this behavior can be a consequence. 

I have two pairs of 2.5 "classic 500GB and 1 TB drives on my ESXi hypervisor, and the transition from firewall logs to IPS or application logs is really about one or two minutes for these drives. In the office now for v18 EAP I use XG210 (which has SSD) and there is a transition between the logs in seconds. 

Thanks Alda. I will perform a test on an ssd drive and let the community know.

Hi Community,

this afternoon I found the time to install an SSD drive and the live log now is responsive. Still updating a firewall rule requires 14 seconds but live logs now work smoothly.

Thanks alda