Here in this article we will troubleshoot the issue when reports are not displaying properly in sophos XG firewall.
Below is the sample scenario where the traffic dashboard in the sophos firewall is showing under blank reports
Check the status of logging and security policies:
Log firewall traffic must be enabled on firewall rue to generate reports for the specific traffic matching that firewall rule as shown below
It is best practice to enable logging on all firewall rules.
Apply security policies to all firewall rules, for example set Allow All or Default Policies to web filtering and application filter. If the security policies set to none logs may not generate.
Enable Local Reporting:
We must enable local reporting to generate reports under reports tab.
Click on configure >> system services >> log settings. Enable local reporting for required modules. The best practice is to enable reporting for all the modules.
Note: Logs for the selected modules can be viewed from the Log Viewer.
You can also enable central reporting which will send reports directly to sophos central, if you register your firewall with sophos central.
Check The Status Of On Box Reporting:
You can check if sophos firewall on box reporting is enabled or disabled by entering console tab of sophos firewall
Login to the sophos firewall CLI. You can use this article for the same:
Enter Device console (4th option) and type this command: show on-box-reports
If local reporting is off enable it by entering this command “set on-box-reports on“
Check Disk Size Usage:
Use the following command to check the disk usage by reports “system diagnostics show disk“.
If the reports usage is higher than 80% firewall will stop displaying reports.
If report use is 90% or higher the report database service is possibly dead.
In case if the reports DB is filled up, you need to manually purge the reports by going to Reports >> Show Report Settings >> Manual Purge
Once you remove the old reports, check reports data base as shown above. If reports DB size reduce less than 80 percentage, it will start displaying reports.
Note: Once you purge reports manually wait for some time and then check in disk usage.
Check Database Reporting Service:
Finally check report database service by executing the following command in CLI Device Console
“system diagnostics show subsystem-info“
Possible status for ReportDB service:
- Running: Report Database service is up and running.
- Dead: Report Database service is dead. Please contact Sophos support team.
- Stopped: Report Database service is stopped. Reboot the appliance.
Hope this article helps you.