
Syslog Stopping

I seem to be running into an issue where the remote logging stops at midnight.  I can coax it back into working by stopping and restarting the remote logging within the web UI.  But this leaves a gap from midnight until whenever I log in and restart.  Any thoughts?


  • Hi,

    1. UTM version # ?

    2. disk space and RAM OK?
    see Reporting->Hardware

    Barry
  • 1.  Firmware version: 9.305-4
    2.  Average memory usage:    23.87%
    3.  Average disk usage:  42.38%, 1.58%, 15.90% (root, log, storage)

    That's all for the past week.  This issue has been occurring for the past few months.
  • Please click on [Go Advanced] and attach a picture of the Hardware graph for the last 24 hours.  Do you have the same problem if you send logs to a different device?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Attached.

    I've had this problem pointing to both Logstash (former) and Splunk (current).

    And of course it didn't happen last night, probably because I posted about it [;)]
  • Switched from TCP to UDP and things look a bit more consistent.
  • Would you mind sharing with me how you set up logging from Sophos UTM to Splunk? I tried contacting Sophos support but they told me SNMP is better without explaining how to configure anything.

    I have a fresh Sophos UTM 9 and Splunk Enterprise instance spinning but not sure how to correctly configure Splunk to ingest Sophos UTM logs.

    I've tried the Splunk Add-on for Sophos but again, no details on how to set up UTM 9.

    I'm currently trying to install and configure syslog-ng on the Splunk Enterprise instance but it feels like that is the wrong approach.

    I just need to see an example...