Sophos XG Firewall 17.5: Logs are not updating on the GUI "Log Viewer"

Sophos XG firewall offers on-device reporting and logs, which is a good feature for all SMBs. There is another module, "Sophos iView", available for logs and reporting, but it is good for some critical organizations or big data centers that need a lot of logs, reports, and backups of all those.

Recently, I faced an issue where no logs were showing on the GUI "Log Viewer", but you will see all logs through the command line, or some new logs on the auxiliary device but not on the primary devices (new logs not updating). This issue is reported on virtual and hardware firewalls as well. Today I am going to share how to handle this issue without booking a ticket with the NOC team.

 

Issue Reported:

Logs are not updating on the GUI "Log Viewer" application of the Sophos XG firewall. 

Troubleshooting Steps:

Please read a full blog post at:

http://www.routexp.com/2019/04/sophos-xg-firewall-175-logs-are-not.html



  • Hi,

    As my closing comment on this issue: this is happening due to some instability issue, and it will go away if you disable the Email Notification for IPSec Tunnel up/Down and Email Later for Login failure (as shown in the picture).

      

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

  • Hi,

    That is not a fix, but a temporary workaround that does not offer a solution to the missing services. It is not an instability issue, but a software issue that should have been fixed in MR-6 as promised.

    Ian

     

    edited layout, something went wrong with the page load.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • rfcat_vk said:
    that is not a fix

     

    +1

    But at least Garner has remained up for now. Better to have it working than the need for that email notification.

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • However, there’s a need to maintain a log book of all those temporary work-arounds on all appliances, since they last months. Our customers do not pay for that.

    Paul jr

  • Does anyone have an update on this?

    Paul Jr

  • It's actually not even a temporary workaround.

    IPSec data is not being written to the system log.

    So if an IPSec tunnel drops and reconnects, there are no log messages, even though the Firewall logging is working.

     

    Need some way of extracting the console logs. Having a major Azure issue at present.

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
  • You could get brave, enable the logging and create a batch to run the restart of garner each night.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hey there.

     

    No use doing something to restart the Garner service when the IPSec logs are not being written when it is already running.

     

    Something has changed from 17.5.4 to 17.5.6 to break that

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
  • Hello Gavin,

    If you are not getting any IPSEC log lines in the SYSTEM log comp then you have a different problem than this issue and should contact support. This Garner issue is for all logs or none at all.

    Not had any issues with IPSEC logs being written noticeably on any of mine/customer firewalls.

    Emile

  • Hi,

     

    Already have a support ticket in the system.

    It's just that this customer uses the IPSec connections a lot, so not logging really stood out.

     

    Originally had the Garner issue, and after disabling notifications and restarting, the firewall is now logging, but trying to track an Azure issue without logs is difficult.

     

    Regards

     

    Gavin

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
  • Silly question ... How many customers do you maintain? For statistical purposes.

    Here, I do not have to restart garner that much. I presume it is related to the quantity of logs generated, and maybe to the speed the appliance manages these logs. I say that because our appliances are overkill and we have few users. Their web activities being mostly mails. We have IP telephony. This generates "A LOT" however.

    Paul Jr