This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connection drops during AV pattern updates

Running SFOS 18.0.1 MR-1-Build396 and have been having dropped traffic issues with VOIP calls and software VPN connections to outside devices at about the same time the AV patterns are updating. Has anyone else noticed this?



This thread was automatically locked due to age.
Parents
  • Hello Keith,

    Thank you for contacting Sophos Support. 

    Could you please let me know which IPS and Application signature and which Sophos AV pattern update is currently installed in your XG?

    If you SSH in to the XG and run from the console (5>4)

    console> drop-packet-capture 'host x.x.x.x' (x.x.x.x any of the computer's IP that is having the issue) 

    regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Since the issue only happens when the signatures update I don't have anything that I can send from the capture

  • Hello Keith,

    Thank you for the follow-up.

    Can you run this command in your XG from the back end, just provide the lines from Sep 17 Sep 16 and Sep 15 and confirm if this dates you also noticed the same.

    grep "Initialization Complete" /log/ips.log

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • That filter produces no results

    If if filter for "initialization" only I get this.

    [Sep 15 14:29:31 :24908]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 15 14:29:31 :24907]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 15 14:29:31 :24909]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 15 14:29:31 :24910]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17679]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17678]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17680]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17681]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17991]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17993]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17992]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17994]:daq_multi_initialize:Loading and initialization of DAQs
    done

Reply
  • That filter produces no results

    If if filter for "initialization" only I get this.

    [Sep 15 14:29:31 :24908]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 15 14:29:31 :24907]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 15 14:29:31 :24909]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 15 14:29:31 :24910]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17679]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17678]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17680]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 16 12:29:29 :17681]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17991]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17993]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17992]:daq_multi_initialize:Loading and initialization of DAQs
    done
    [Sep 17 14:29:28 :17994]:daq_multi_initialize:Loading and initialization of DAQs
    done

Children