Sophos XG firewall offers on-device reporting and logs, which is a good feature for all SMBs. There is another module, "Sophos iView", available for logs and reporting, but it is good for some critical organizations or big data centers that need a lot of logs, reports, and backups of all those.
Recently, I faced an issue where no logs were showing in the GUI "Log Viewer", but you will see all logs through the command line, or some new logs on the auxiliary device but not on the primary device (new logs not updating). This issue has been reported on both virtual and hardware firewalls. Today I am going to share how to handle this issue without booking a ticket with the NOC team.
Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall.
Please read a full blog post at:
Thank you. Even though my report disk was only at 10%, my reports had stopped from early on the 14th.
Restarted garner and reports are being generated again.
The fix appears to have fixed everything except mail. While today's mail shows in logviewer, none of yesterday's mail does even after the garner restart. The Reports -> mail in the GUI is empty for today 16th April.
Update:- 1100 16/4 a miracle has happened, I now have mail reports.
Something went very badly wrong. Today's report was missing details about user activity.
I have restarted the XG to see if that fixes the issue tomorrow morning.
I am happy that this solution worked for you!
After some days, logs stopped again; after using command service garner:restart -ds nosync it fills up again.
It happened after 17.5 MR4; now using MR4-1, but still stopping after a few days.
Do your daily reports show your user activity? Also, after a restart to get user activity reported, I am seeing data from the previous day, e.g. the device was not on the network yesterday.
Please book a ticket with TAC team. I am investigating the issue on my firewall.
[#8781763] Web support ticket.
Garner is the "center daemon" for logging. So if this daemon dies, your logging stops.
Maybe for your information.
The question is why after the upgrade has it stopped? Why does it take a restart to get all the reports working again, e.g. user activity?
Until the upgrade I had not experienced any issues with the garner process.