Sophos XG: Troubleshooting common reporting issues

Issue:

In this article we will learn how to troubleshoot common reporting issues on the Sophos XG firewall.

Troubleshooting:

Verify local reporting is enabled:

First verify that on-box reports and the DB services are active.

Log in to the Sophos firewall CLI; the following article explains how:

https://support.sophos.com/support/s/article/KB-000038697?language=en_US

Open the device console by entering 4.

At the console prompt, enter the command “show on-box-reports” and make sure local reporting is turned on.

An output of “Local Reporting: on” means the service is turned on and the reporting feature is enabled on the XG appliance.

Type “exit” to return to the main menu, then choose “device management” and then “advanced shell”.

Type “service -S | less” and make sure postgres, sigdb, reportdb and garner are running.

The postgres, reportdb and garner services are essential for generating reports and must be in the RUNNING state.
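
As an added example (not from the original article or from Sophos), the shell function below automates the check above: it reads “service -S” output and lists any of the four reporting services that are missing or not RUNNING. The two-column name/status layout, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag reporting services that are not in the RUNNING state.
# Assumption: each line of `service -S` output is "<name> <status>",
# separated by whitespace.

REQUIRED="postgres sigdb reportdb garner"

# Reads `service -S` style output on stdin and prints one line for every
# required service that is not listed or not RUNNING.
# Returns 0 only when all required services are RUNNING.
check_reporting_services() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, want, " ") }
        NF >= 2 { status[$1] = $2 }          # remember the status per service
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                s = want[i]
                if (!(s in status)) {
                    printf "%s NOT_LISTED\n", s; bad = 1
                } else if (status[s] != "RUNNING") {
                    printf "%s %s\n", s, status[s]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample input, not captured from a real appliance:
# reportdb is stopped and garner is absent from the list.
sample_output() {
    cat <<'EOF'
Service              Status
postgres             RUNNING
sigdb                RUNNING
reportdb             STOPPED
syslog-ng            RUNNING
EOF
}

# In the advanced shell the real call would be:
#   service -S | check_reporting_services
sample_output | check_reporting_services ||
    echo "One or more reporting services are not RUNNING"
```
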

Verify automatic retention settings:

To verify the retention settings of the Sophos XG firewall:

Log in to the Sophos XG firewall GUI and click on the Reports tab.

Then click on “Show report settings” tab.

Check the log retention period under “Data Management” tab.

The retention time can be 1 to 12 months, but is limited to 3 months on some services with larger amounts of reporting data.
When the retention period ends, older reports are removed. Customers who require longer retention times should use an iView server or a third-party syslog server.

Hard disk is fully utilized:

Use the “du -sh *” command to check log file sizes and “df” to check the available disk space.

Then check which directory is using the most disk space.

Debug logs and tcpdump captures also carry a high risk of filling up the disk.

Manually purging reporting files for a custom duration:

Sometimes the disk fills up because of old reports. In that case, you have to purge reports manually.

First log in to the firewall and click on Reports >> Show report settings.

Then click on the Manual purge tab.

You can purge reports for a custom duration.

Hope this article helps you.