How To Troubleshoot Reporting Issues In Sophos XG

Issue:

This article covers how to troubleshoot reports that are not displaying properly on the Sophos XG firewall.

Troubleshooting:

In the sample scenario below, the traffic dashboard on the Sophos firewall shows blank reports.

[Screenshot: Dashboard Empty, Blank Reports]

Check the status of logging and security policies:

Log Firewall Traffic must be enabled on a firewall rule to generate reports for the traffic matching that rule, as shown below.

[Screenshot: Log Firewall Traffic]

It is best practice to enable logging on all firewall rules.

Apply security policies to all firewall rules; for example, set Allow All or Default Policies for web filtering and application filter. If the security policies are set to None, logs may not be generated.

Enable Local Reporting:

Local reporting must be enabled to generate reports under the Reports tab.

Go to Configure >> System services >> Log settings and enable local reporting for the required modules. The best practice is to enable reporting for all modules.

[Screenshot: Local Reporting]

Note: Logs for the selected modules can be viewed from the Log Viewer.

You can also enable central reporting, which sends reports directly to Sophos Central, if you register your firewall with Sophos Central.

Check The Status Of On Box Reporting:

You can check whether on-box reporting is enabled or disabled from the Sophos firewall console.

Log in to the Sophos firewall CLI, for example over SSH.

Enter the Device Console (4th option) and type this command: show on-box-reports

[Screenshot: Local Reporting CLI]

If local reporting is off, enable it by entering this command: set on-box-reports on

Check Disk Size Usage:

Use the following command to check the disk usage by reports: system diagnostics show disk

[Screenshot: Report Disk Usage]

If the reports usage is higher than 80%, the firewall will stop displaying reports.

If the reports usage is 90% or higher, the report database service is possibly dead.

If the reports DB has filled up, you need to purge the reports manually by going to Reports >> Show Report Settings >> Manual Purge

[Screenshot: Purge Reports]

Once you remove the old reports, check the reports database usage as shown above. If the reports DB usage drops below 80 percent, the firewall will start displaying reports again.

Note: After you purge reports manually, wait for some time and then check the disk usage.

Check Database Reporting Service:

Finally, check the report database service by executing the following command in the CLI Device Console:

system diagnostics show subsystem-info

[Screenshot: Report DB]

Possible status for ReportDB service:

  • Running: Report Database service is up and running.
  • Dead: Report Database service is dead. Please contact Sophos support team.
  • Stopped: Report Database service is stopped. Reboot the appliance.
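
The disk-usage and ReportDB checks above can be applied to a saved console session so that a reporting gap is noticed before the dashboard goes blank. This is an added example, not Sophos code; the row layout of the captured output and the names triage and SAMPLE_CAPTURE are assumptions, since the article shows the command output only in screenshots.

```python
import re

# Constructed sample of a captured Device Console session. The column layout is
# an assumption: the article shows this output only in screenshots.
SAMPLE_CAPTURE = """\
console> system diagnostics show disk
 Partition        Utilization
 Configuration    13%
 Signature        21%
 Report           92%
 Temp             0%
console> system diagnostics show subsystem-info
 ReportDB         Dead
"""

# "Report"/"Reports" row followed by a percentage on the same line.
USAGE_RE = re.compile(r"^[ \t]*reports?\b[^\d\n]*(\d{1,3})[ \t]*%", re.I | re.M)
# "ReportDB" row followed by one of the three states the article lists.
STATUS_RE = re.compile(r"^[ \t]*report[ \t]*db\b[^\w\n]*(running|dead|stopped)\b", re.I | re.M)

STATUS_ACTIONS = {
    "Dead": "ReportDB is dead: contact Sophos support",
    "Stopped": "ReportDB is stopped: reboot the appliance",
}

def triage(capture):
    """Return (report_usage_percent, reportdb_status, actions) for a capture."""
    usage_m = USAGE_RE.search(capture)
    status_m = STATUS_RE.search(capture)
    usage = int(usage_m.group(1)) if usage_m else None
    status = status_m.group(1).capitalize() if status_m else None
    actions = []
    if usage is None:
        actions.append("No report usage found: run 'system diagnostics show disk'")
    elif usage > 80:  # article: above 80% the firewall stops displaying reports
        note = " (at 90% or higher ReportDB may be dead)" if usage >= 90 else ""
        actions.append(f"Report usage {usage}%{note}: purge via "
                       "Reports >> Show Report Settings >> Manual Purge")
    if status is None:
        actions.append("No ReportDB status found: run "
                       "'system diagnostics show subsystem-info'")
    elif status in STATUS_ACTIONS:
        actions.append(STATUS_ACTIONS[status])
    return usage, status, actions

if __name__ == "__main__":
    usage, status, actions = triage(SAMPLE_CAPTURE)
    print(f"report usage={usage}% reportdb={status}")
    for action in actions:
        print(" -", action)
```

An empty action list means both checks passed; if reports are still blank, go back to the logging and local reporting settings earlier in the article.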

Hope this article helps you.