
Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"

Sophos XG firewall offers on-device reporting and logs, which is a good feature for all SMBs. There is another module, "Sophos iView", available for logs and reporting, but it is good for some critical organizations or big data centers that need a lot of logs, reports, and backups of all those.

Recently, I faced an issue where no logs show on the GUI "Log Viewer", but you will see all logs through the command line, or some new logs on the auxiliary device but not on the primary device (new logs not updating). This issue is reported on virtual and hardware firewalls as well. Today I am going to share how to handle this issue without booking a ticket with the NOC team.

 

Issue Reported:

Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:

Please read the full blog post at:

http://www.routexp.com/2019/04/sophos-xg-firewall-175-logs-are-not.html



  • Thank you, even though my report disk was only 10%, my reports had stopped from early on the 14th.

    Restarted garner and reports are being generated again.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi,

    the fix appears to have fixed everything except mail. While today's mail shows in logviewer, none of yesterday's mail does even after the garner restart. The Reports -> mail in the GUI is empty for today 16th April.

    Ian

     

    Update:- 1100 16/4 a miracle has happened, I now have mail reports.

     
  • Something went very badly wrong. Today's report was missing details about user activity.

    I have restarted the XG to see if that fixes the issue tomorrow morning.

    Ian

     
  • Hi,

    I am happy that this solution worked for you!

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

  • After some days, logs stopped again; after using the command service garner:restart -ds nosync it fills up again.

    It happened after 17.5 MR4; now using MR4-1, but still stopping after a few days.

  • Do your daily reports show your user activity? Also, after a restart to get user activity reported, I am seeing data from the previous day, e.g. the device was not on the network yesterday.

    Ian

     
  • Hi,

    Please book a ticket with the TAC team. I am investigating the issue on my firewall.

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

  • [#8781763] Web support ticket.

  • Garner is the "center daemon" for logging. So if this daemon dies, your logging stops. 

     

    https://community.sophos.com/kb/en-us/126722

    Maybe for your information.

  • The question is why, after the upgrade, has it stopped? Why does it take a restart to get all the reports working again, e.g. user activity?

    Until the upgrade I had not experienced any issues with the garner process.

    Ian

     