Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=tools-generate-ctr

Check troubleshooting logs

You can see individual troubleshooting logs or get a consolidated report.

Log output types

You can get the logs from the Advanced shell.

You can also get the log files from the web admin console. For all the log files and a system snapshot, generate the Consolidated troubleshooting report (CTR).

You can get debug-level logs with the CTR, and the CLI. Debug mode is turned off for all subsystems by default.

Note

Logs and reports aren't synchronized between the primary and auxiliary devices in a high-availability cluster. Each device contains logs and reports for the traffic it processes.

Increase the log lines

You can increase or decrease the number of log lines captured in the CTR for all the service subsystems. The CTR includes all the log lines for the default subsystems, such as syslog and postgres.

To change the number of log lines, do as follows:

  1. Sign in to the CLI and enter 4 for Device console.

  2. Enter the following command:

    system diagnostics ctr-log-lines <25-10000>
    Example 
    system diagnostics ctr-log-lines 10000

Turn on debug mode

You can turn on debug mode for individual subsystems to get debug-level logs on the CLI and in the CTR.

To turn on debug mode, do as follows:

  • For the system controller logs, enter the following command:

    system diagnostics CSC debug

  • For each service subsystem log you want, enter the following command:

    system diagnostics subsystems <subsystem> debug on
    Example 
    system diagnostics subsystems Pktcapd debug on

Note

Currently, you can only turn on debug mode for some service subsystems. See Debug-level logs.

Warning

To save disk space, we recommend that you turn off debug mode after saving the logs or report.

Download log files

  1. (Optional) To purge all logs of a subsystem, enter the following command:

    system diagnostics <subsystem> purge-log

  2. Reproduce the issue you want to report.

  3. On the web admin console, go to Diagnostics > Tools.

  4. Under Consolidated troubleshooting report, select the following options:

    1. System snapshot: This doesn't require debug mode.
    2. All log files

    Note

    Some log files in the CTR only show the number of log lines specified on the CLI.

  5. Enter the reason for generating the CTR.

  6. Click Generate.

  7. Click Download.

    The report is downloaded in encrypted format.

  8. To share the file with Sophos Support, upload it to the support case you created. See Submit files.

  1. (Optional) To purge all logs of a subsystem, enter the following command:

    system diagnostics <subsystem> purge-log

  2. Reproduce the issue you want to report.

  3. Sign in to the CLI and enter 5 for Device Management and 3 for Advanced Shell.
  4. To open the log directory, enter the following command: cd /log
  5. To list the log lines of a file, enter the following command: tail -f /log/<logfilename>.log
  6. Copy the lines to a text file.
  7. To share the file with Sophos Support, upload it to the support case you created. See Submit files.

Turn off debug mode

The log files increase in size when debug mode is on. To free up disk space, turn off debug mode after you download the log files.

  1. Sign in to the CLI and enter 4 for Device console.

  2. To turn off debug mode, do as follows:

    1. For the system controller logs, enter the following command:

      system diagnostics CSC debug

    2. For each service subsystem log you want, enter the following command:

      system diagnostics subsystems <subsystem> debug off
      Example 
      system diagnostics subsystems Pktcapd debug off

More resources