
Sophos Firewall: Troubleshoot reporting issues


This article describes the possible reasons why Sophos Firewall may not display reports and the troubleshooting steps to resolve them.

Troubleshoot reporting


Example scenario: the Traffic Dashboard in Sophos Firewall shows blank reports.



Check the status of logging and security policies

  • Enable Log firewall traffic:
Go to Rules and policies and edit the firewall rule to view the status of logging and security policies.
Enable Log firewall traffic. This ensures that traffic passing through the firewall rule is logged and can be viewed in the Log viewer.
It is recommended to enable logging for all firewall rules.

  • Apply Security policies:
Set security policies to Allow all, Default policies, or a custom policy so that logs are generated. If the security policies are set to None, logs may not be generated.

  • Enable Local reporting:
Go to Configure > System services > Log settings. Under Log type (system), select the Local reporting checkbox to enable local logging. It is recommended to enable logging for all modules.


  • Check the status of on-box reporting
You can check whether Sophos Firewall's on-box reporting is enabled or disabled from the command-line console.


To check the status of Sophos Firewall's reporting, follow the steps below.

  1. Sign in to the CLI Console with Telnet or SSH.
  2. Select Option 4: Device Console.
  3. Run the following command.

show on-box-reports


Note: If the status of Local Reporting is off, enable it by running the following command at the console prompt.

set on-box-reports on

  • Check disk size usage
Use the following command from the CLI to check the disk usage by reports.


system diagnostics show disk



If report use is 80% or higher, the firewall will stop displaying reports.
If report use is 90% or higher, the report database service is possibly dead.

If the disk limit for reports has been reached, the following message will be displayed in Reports > Compliance > Events > System events.



If report use is 80% or higher, follow the steps below to purge report data manually.

Go to Reports > Show Reports settings > Manual purge.


After purging report data, wait for some time and check the disk usage by reports again.

If the usage is less than 80%, the firewall will start displaying reports again.

  • Check the status of the report database service
Use the following command to check the status of the report database service.

system diagnostics show subsystem-info


Possible statuses for the ReportDB service:
Running: Report Database service is up and running.
Dead: Report Database service is dead.
Stopped: Report Database service is stopped.

What To Do
You can reset the reporting database. This requires a reboot, and all reporting data will be lost.

  • Flushing device reports from CLI
  1. Access the firewall's console via SSH.
  2. Select option 5 for Device Management.
  3. Select option 4 to Flush Device Reports.
  4. Type in y to continue flushing the device reports.
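
The disk-usage and ReportDB checks above can be applied to saved console output with a small script. This is an added example, not Sophos code or part of the original article: it applies the 80% and 90% thresholds and the Running/Dead/Stopped statuses from this page. The function names are hypothetical, and the output layout of both commands is an assumption shown as constructed sample text.

```python
import re

# Thresholds for report disk use as stated on this page.
STOP_DISPLAY_PCT = 80  # at or above this, reports stop displaying
DB_AT_RISK_PCT = 90    # at or above this, the report database service is possibly dead

# Constructed sample console captures; the column layout is an assumption.
SAMPLE_DISK = """\
Partition        Utilization
Configuration    12%
Signature        17%
Report           91%
Temp             0%
"""
SAMPLE_SUBSYSTEM = "ReportDB:    Dead\n"

def report_disk_pct(disk_output):
    """Percentage on the Report line of 'system diagnostics show disk', or None."""
    m = re.search(r"^\s*Reports?\b[^\d\n]*?(\d{1,3})\s*%", disk_output, re.I | re.M)
    return int(m.group(1)) if m else None

def reportdb_status(subsystem_output):
    """Running, Dead or Stopped from 'system diagnostics show subsystem-info', or None."""
    m = re.search(r"ReportDB\b[^\n]*?\b(Running|Dead|Stopped)\b", subsystem_output, re.I)
    return m.group(1).capitalize() if m else None

def triage(disk_output, subsystem_output):
    """Return (pct, status, findings); findings lists what this page says to do next."""
    pct = report_disk_pct(disk_output)
    status = reportdb_status(subsystem_output)
    findings = []
    if pct is None:
        findings.append("Report line not found in disk output; check the capture")
    elif pct >= DB_AT_RISK_PCT:
        findings.append(f"report use {pct}%: reports not displayed, ReportDB possibly dead; purge manually")
    elif pct >= STOP_DISPLAY_PCT:
        findings.append(f"report use {pct}%: reports not displayed; purge manually")
    if status is None:
        findings.append("ReportDB line not found in subsystem output; check the capture")
    elif status != "Running":
        findings.append(f"ReportDB is {status}: reset the reporting database (reboot, data lost)")
    return pct, status, findings

if __name__ == "__main__":
    for line in triage(SAMPLE_DISK, SAMPLE_SUBSYSTEM)[2]:
        print(line)
```

An empty findings list means neither check explains the blank reports, so the logging and security policy settings at the top of this page are the next place to look.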