Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 4 subscribers
  • Views 3107 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Turn off confd debugging mode in sophos UTM 9

Jesse Garnepudi

Hello,

We have debugging mode turned on, but unsure how to disable it in sophos UTM 9 SG310 firewall. Due to which the confd-debug keep filling up the disk. How can we diable it? 

Thanks for the help,

Jesse.

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Jesse and welcome to the UTM Community!

    I've never heard of a way to disable the compilation of the confd-debug log.  If this is a paid license, you will want to et a case open with Sophos Support to see what's causing so many entries into that log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    Thanks for the reply,

    I checked with Sophos paid support, they said disabling it may not be possible but rather suggested adjusting the retention period to 30 or 90 days. But for us, 1 year retention period is a must, to which they suggested to manually deleting older confd-debug logs.

    Regards,

    Jesse. 

  • 0 in reply to Jesse Garnepudi

    If you've selected "Delete logs after a year" for 'Automatic Log File Deletion', Jesse, then you're correctly configured.  Maybe something else is filling the disk that makes confd-debug a problem.  What does df -h tell you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    output of df -h. Within /var/log dir out of the 54gb used, 39gb is config-debug logs.

  • 0 in reply to Jesse Garnepudi

    Interesting.  If you're not getting notifications that the logging partition is filling up, this shouldn't be a problem.  Nonetheless, it's unusual - I wonder what might be causing this.  What do you see with the following at the command line?

         grep -oP 'client=".*?"' /var/log/confd-debug.log|sort -n|uniq -c|sort -n|tail -10

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • +1 in reply to BAlfson

    Hi Bob,

    It seems we have found the issue, so the firewall has been storing thousands of IPs within DNS definitions, this are from the domain names attached with AWS elastic IPs, which are dynamic in nature and changes all the time. Once we've cleaned it up, the issue has been pretty much resolved.

    Thanks for the help.

    Regards,

    Jesse.

Reply
  • +1 in reply to BAlfson

    Hi Bob,

    It seems we have found the issue, so the firewall has been storing thousands of IPs within DNS definitions, this are from the domain names attached with AWS elastic IPs, which are dynamic in nature and changes all the time. Once we've cleaned it up, the issue has been pretty much resolved.

    Thanks for the help.

    Regards,

    Jesse.

Children
No Data
Unfiltered HTML