
HELP - Reporting no longer working

I'm hoping for some community help! 

I recently transferred my configuration to new(er) hardware and in terms of performance/traffic it's running as expected. This was a clean install of 9.503-4 and my config was imported successfully during the initial wizard. The problem I'm having is that with the exception of my Log Files (today's and archived) I'm getting no reporting. Even the Dashboard Threat Status shows all zeros. The Log Partition Status shows all zeros, and only the 'Hardware' and 'Network Usage' pages show anything in graphs. I've also noticed that I'm no longer getting Executive reports although I do get other alert emails so I know my SMTP settings are correct. I tried to generate an ad hoc Executive Report on my gateway and it just spun without ever completing.

All of these pretty graphs and things worked on my old platform running the exact same code (though it wasn't a clean install... it was upgraded over time). I've tried rebooting but I'm not sure what else to do, other than possibly rush to install 9.504 but this doesn't seem to be a systemic issue with 9.503. The best matches for similar community posts were from 10+ years ago.

I will say FWIW that I am using remote syslog as well which is working correctly, and that isn't something that was added with this new install. The data is all there, it just doesn't seem to be getting parsed and presented properly. It feels like some sort of DB issue but I have no idea on how to go about troubleshooting/fixing that. I've tried the simple reboot to no avail.

Suggestions?



This thread was automatically locked due to age.
  • This is totally out of nowhere but something that came to mind.... Is it possible that my setup has TOO much storage or memory and messed up the install? As I've noted (or if I hadn't, I am now), I've used UTM for years and various old hardware and never had an issue at all, even before it was 'Sophos'. Those systems initially were on like 4GB RAM, 120GB HDD all the way up to say 32GB RAM and 500GB HDD. The current system I've installed this to, newer hardware that I've actually never gotten to be fully working... yes it operates totally normally and runs super smooth, just the reporting never worked and appears tied to PostgreSQL somehow... is 64GB RAM and 1.2TB disk (hardware RAID but the installer saw it just fine as 1.2TB).

    I can't come up with anything in my head as to why I'm having this issue. I've done clean installs with the latest version, I've done clean installs with slightly older versions and upgrade. I've even gone clean install and rebuilt my config from scratch (pain) but this reporting issue won't die. I'm just wondering if this is some fluke bug that I'm hitting because I've finally gone too big. I'm asking the question first because that's easiest but my next thought is to back up my config, rebuild from scratch with say only 900GB, and see what happens. That just sucks because I won't be fully using the drives I have.

     

    Any thoughts or miracle solutions would be appreciated!

  • Matt, how can it be anything other than a hardware error - RAM, HD or HD controller?  What if you try with different single DIMMs to see if one may not be bad?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I would certainly lean yes but this isn't the first time I've used the hardware. I ran Windows Server on it for quite a long time with no issues. The system health checks pass fine (HP's "Sea of Sensors" and iLO checks are pretty extensive). The Sophos OS does see all the memory, sees the RAID, etc. I really do understand the process of elimination you mention, I'm just not sold on it. I would probably go back to using my old server but it's unfortunately limited to two physical interfaces and my current one has 8, which I'm using most. I'm also a home user so don't want to spend money :) (as I say I'm running an 8 core, 64GB, 1.2TB ProLiant server that is doing the job a 6 year old desktop could do)

    Anyway, thanks for the response. 

  • I know this has been a while (sorta fell off my radar as the product works in day-to-day operation) but I wanted to give a follow up.

    RESOLVED

    I did some more digging through old community topics today and found this: https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32257/error-database-reporting-does-not-exist

    It was a long shot, since it was based on UTM v7 but it worked (once I corrected to use pgsql92 instead of pgsql). To be fair, I have been keeping current with patches and am running on 9.509 but until this morning the reporting still was not working. 

     

    # su postgres /var/storage/pgsql92/init/reporting_db_init.sh
