
Can't set up a remote for the log

UTM release 9.605-1.

New home installation, trying to set up a remote for the log, but I get an error message I don't understand and have never seen. All options except email fail with the same error:

  

The production firewalls in the office have a working remote setting (SCP), but if I try to change the host there (I tried 2 different host objects above), I get the same error message.

Is this a regression in this release? Known bug?



This thread was automatically locked due to age.
  • I'm a little confused, Harro - you showed us a setup for using an SSH server where "SRV 01 - Backup server" is apparently not a Host object.  Then, you showed us the same problem with an FTP server.  Please show us the Edit of the "SRV 01 - Backup server" object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry for that. ;-)

    The second screenshot is just to show that nothing is accepted, no matter what method you chose for the remote log (except email, as that doesn't require a host object).

    It absolutely IS a host object, it's been there for a few years on our production UTMs, I simply can't update it anymore since the last update of the UTM, not in my new home setup, and not on our production UTMs.

    Here's the object (screenshot from our production UTM):

     

    I also tried several other Host objects as a test, like our office Synology in the FTP screenshot, but no defined Host object is accepted.

  • Hi

    I tried to set this up on my home device with a Host definition similar to the one you used and it worked.


    Would you be able to check into the logs for this? Log in to the UTM 9 over SSH, first as loginuser and then as root. After that, please change the directory to /var/log and then use this command:

    tail -f confd.log confd-debug.log mdw.log mdw-debug.log | grep "logfiles->remote->host"

    Once you've started the logs, please select the network host definition and apply the settings; any error would show up in the logs.

    Regards

    Jaydeep

  • I am speechless.

    I've been struggling with this for 3 days, just tried it again, and it accepted the host object without any problems. Same on our production UTMs.

     

    I've checked the logs of the previous days. This is the initial config:

    2019:09:06-08:36:11 esxr1-fw confd[4220]: I main::top-level:562() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="logfiles->remote->path" value="/storage/backups/firewall-esxr1" oldvalue="" user="admin" srcip="172.18.4.242" sid="ddf64b7a26a2e1b94368db30bff44c29aceeb3f28d0b360f55ad820a79e038d2" facility="webadmin" client="webadmin.plx" pid="13561"
    2019:09:06-08:36:11 esxr1-fw confd[4220]: I main::top-level:562() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="logfiles->remote->type" value="scp" oldvalue="smb" user="admin" srcip="172.18.4.242" sid="ddf64b7a26a2e1b94368db30bff44c29aceeb3f28d0b360f55ad820a79e038d2" facility="webadmin" client="webadmin.plx" pid="13561"
    2019:09:06-08:36:11 esxr1-fw confd[4220]: I main::top-level:562() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="logfiles->remote->user" value="firewall" oldvalue="" user="admin" srcip="172.18.4.242" sid="ddf64b7a26a2e1b94368db30bff44c29aceeb3f28d0b360f55ad820a79e038d2" facility="webadmin" client="webadmin.plx" pid="13561"
    2019:09:06-08:36:11 esxr1-fw confd[4220]: I main::top-level:562() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="logfiles->remote->status" value="1" oldvalue="0" user="admin" srcip="172.18.4.242" sid="ddf64b7a26a2e1b94368db30bff44c29aceeb3f28d0b360f55ad820a79e038d2" facility="webadmin" client="webadmin.plx" pid="13561"
    2019:09:06-08:36:11 esxr1-fw confd[4220]: I main::top-level:562() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="logfiles->remote->host" value="REF_NetHosSrv01Backu" oldvalue="" user="admin" srcip="172.18.4.242" sid="ddf64b7a26a2e1b94368db30bff44c29aceeb3f28d0b360f55ad820a79e038d2" facility="webadmin" client="webadmin.plx" pid="13561"

    which worked fine, but I used the wrong username and path. When I realised that, I tried to change the path first, two days later:

    2019:09:08-15:55:10 esxr1-fw confd[4220]: I main::top-level:562() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="logfiles->remote->path" value="/storage/backups/esxr1-firewall
    " oldvalue="/storage/backups/firewall-esxr1" user="admin" srcip="172.18.4.242" sid="7ecc1e486502d0f570abd31e083b7537ca2277d476f934796cea6806c3095a89" facility="webadmin" client="webadmin.plx" pid="29910"
    2019:09:08-16:08:27 esxr1-fw confd[29910]: W Message::err_set:1103() => id="3100" severity="warn" sys="System" sub="confd" name="NODE_OBJECT_BADREF (The remote log file archive host needs network objects.)" user="admin" srcip="172.18.4.242" facility="webadmin" client="webadmin.plx" call="set" goodclass="network" nodelist="logfiles->remote->host" check="input" badref="_custom"

    So, the only field in the UI changed was the path, and still it complained about the network object (which wasn't changed, and which was initially fine).

    A glitch in the UI somewhere perhaps?
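
Added example, not part of the original thread: a small Python parser for confd.log records in the format quoted above. It lists changes and rejected sets under logfiles->remote and re-joins a record whose value spans two lines, as the path record does in the post. The sample lines, hostname, IP address and paths are constructed.

```python
import re

# Constructed sample in the confd.log format quoted in the post above
# (hostname, IP and paths are made up; field names are those in the post).
SAMPLE = '''\
2019:09:06-08:36:11 fw-example confd[4220]: I main::top-level:562() => id="310c" severity="info" name="node changed" node="logfiles->remote->type" value="scp" oldvalue="smb" user="admin" srcip="192.0.2.10"
2019:09:08-15:55:10 fw-example confd[4220]: I main::top-level:562() => id="310c" severity="info" name="node changed" node="logfiles->remote->path" value="/backups/new
" oldvalue="/backups/old" user="admin" srcip="192.0.2.10"
2019:09:08-16:08:27 fw-example confd[4221]: W Message::err_set:1103() => id="3100" severity="warn" name="NODE_OBJECT_BADREF (example text)" user="admin" srcip="192.0.2.10" nodelist="logfiles->remote->host" badref="_custom"
'''

RECORD_START = re.compile(r'^\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2} ')
FIELD = re.compile(r'(\w+)="([^"]*)"')   # [^"]* also matches embedded newlines

def records(text):
    """Yield (timestamp, fields) per record, re-joining lines split inside a value."""
    buf = []
    for line in text.splitlines(keepends=True):
        if RECORD_START.match(line) and buf:
            yield _parse(''.join(buf))
            buf = []
        buf.append(line)
    if buf:
        yield _parse(''.join(buf))

def _parse(raw):
    return raw.split(' ', 1)[0], dict(FIELD.findall(raw))

def audit(text, prefix='logfiles->remote->'):
    """Summarise changes and rejected sets under one config subtree."""
    out = []
    for ts, f in records(text):
        node = f.get('node') or f.get('nodelist', '')
        if not node.startswith(prefix):
            continue
        if f.get('severity') == 'warn':
            out.append((ts, 'rejected', node, f.get('badref')))
        elif f.get('name') == 'node changed':
            val = f.get('value', '')
            kind = 'changed-whitespace' if val != val.strip() else 'changed'
            out.append((ts, kind, node, val.strip()))
    return out

if __name__ == '__main__':
    for event in audit(SAMPLE):
        print(*event, sep='  ')
```
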

  • It definitely looks like a glitch somewhere (but I can't think of anything) because this part of UTM did not have any code changes lately. Try that again tomorrow to see if it still works fine.

    Regards

    Jaydeep

  • Will do, thanks for the support.