Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 4666 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No more data in the Webserver Protection report for Top Attackers since update HA cluster from v9.407-3 to v9.506-2

Damien Duchenne

Dear all,

 

Since I've updated my HA cluster of two Sophos UTM 9 from version 9.407-3 to version 9.506-2, I have no more data in the Logging & Reporting section > Webserver Protection > Details > Top Attackers.

For the Top Clients section, I have no issue, but for the Top Attackers, I have no more information displayed since the update.

I really don't know what I could do. Can someone help me?

Thank you very much in advance.

 

Best regards,

Damien



This thread was automatically locked due to age.
Parents
  • 0

    Salut Damien and welcome to the UTM Community!

    Did you do the upgrade of your PostgreSQL databases to 64-bit?  In any case, I would get Sophos Support involved, but I suspect that they will have you re-initialize the databases with:

    /etc/init.d/postgresql92 rebuild

    That command will delete all history in Reporting but will not affect the logs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob,


    Thank you very much for your reply and sorry for my late answer.

    I've tried the command you gave on our acceptance environment on a single appliance and it seems to work. I will schedule the same on our production cluster outside business hours, assuming that the appliances will have the same behavior even if they are in cluster.

    Thank you very much again for your help.

     

    Best regards,

    Damien

Reply
  • 0 in reply to BAlfson

    Hello Bob,


    Thank you very much for your reply and sorry for my late answer.

    I've tried the command you gave on our acceptance environment on a single appliance and it seems to work. I will schedule the same on our production cluster outside business hours, assuming that the appliances will have the same behavior even if they are in cluster.

    Thank you very much again for your help.

     

    Best regards,

    Damien

Children
  • 0 in reply to Damien Duchenne

    I haven't done this on an HA setup, Damien, but I suspect that you will need to do the rebuild on the Slave node first and then on the Master.  Please confirm that with Sophos Support and come back here to complete this thread.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

     

    I've performed the same action on the cluster. I tried first on the slave member, but the command has been rejected, so I needed to do it only on the active member.

    Unfortunately, the command didn't solved my problem. All logs were well reset, but the "Top Attackers" report remains with 0 entries :-(

    Thank you very much anyway for your help.

     

    Regards,

    Damien

Unfiltered HTML