This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Wan error log

Hello,


Today one of my ISP's wan line showed me an error status then came back up a few times, called my ISP and it was their problem and they fixed.  But I'm still searching all the instance of when this happened.  What log file shows the error states log of a wan connection?



This thread was automatically locked due to age.
Parents
  • Service Monitor logs from the “Logging ->  View Log Files" menu or the command line (less /var/log/service_monitor.log).

    From documentation:
    The UTM checks the WAN links using ICMP messages. Not only the Default Gateway is checked, as a Traceroute is sent to the Root DNS Server. A host is selected along the path to the root server, and the accessibility of this host is checked permanently by way of a ping.

Reply
  • Service Monitor logs from the “Logging ->  View Log Files" menu or the command line (less /var/log/service_monitor.log).

    From documentation:
    The UTM checks the WAN links using ICMP messages. Not only the Default Gateway is checked, as a Traceroute is sent to the Root DNS Server. A host is selected along the path to the root server, and the accessibility of this host is checked permanently by way of a ping.

Children
  • Hey everyone,

     

    I am also looking for a way to see the state of a specific interface in the logs.

    We have one provider (contract is already canceled for this year), who is extremly unreliable, it even got worse after we terminated the contract. The interface goes down for a few seconds every 20 minutes on average. This morning it was every 5-10 minutes. 

    We are in a bit of a discussion with the company since after we terminated they now claim additional money for hardware they installed two years ago (their hardware, broke down due to weather conditions), they try to quadrupple the hourly rate for the hardware installation... Let's say they try to rip us off after we quit (we are not the only ones - multiple legal disputes with whole towns...).

    In the Service Monitor log I only see that the uplink monitoring hosts cannot be reached. But it does not say which interface it is - the only way we have to prove this at the moment isthe email notifications we get when the interface goes down.

     

    Is there any way we can get a log where it says which interface is going down? Also tried to make a multipath rule for ICMP, like this I could setup a host to ping the internet through this interface. But I cannot set Multipath rules for ICMP...

     

    Thanks in advance

     

    Regards,

     

    Tobias

  • Hallo Tobias,

    On the 'Advanced' tab of 'Uplink Monitoring', disable 'Automatic monitoring' and add two hosts to 'Monitoring hosts' with each host bound to a different Interface.  "If a selected host is bound to an interface, it will only be used to monitor this interface."

    Can you use that to achieve what you want?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA