Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=tools-generate-ctr

How to see logs

You can see individual logs and log files or get a consolidated report.

Log output types

You can get the log files from the CLI.

You can get the logs and log files from the web admin console as follows:

  • For brief logs of all the important events, see Log viewer.
  • For module-specific logs, download the individual log files.
  • For all the log files and a system snapshot, generate the Consolidated troubleshooting report (CTR).

You can get debug-level logs with Troubleshooting logs, the CTR, and the CLI. Debug mode is turned off for all subsystems by default.

Note

You can only get the log files separately from the primary and auxiliary high-availability devices.

Turn on debug mode

You can turn on debug mode for individual subsystems to get debug-level logs as follows:

  • For the system controller logs, enter the following command:

    system diagnostics CSC debug

  • For each service subsystem log you want, enter the following command:

    system diagnostics subsystems <subsystem> debug on
    Example 
    system diagnostics subsystems Pktcapd debug on

Note

Currently, you can only turn on debug mode for some service subsystems. See Debug-level logs.

Warning

To save disk space, we recommend that you turn off debug mode after troubleshooting.

Download log files

  1. (Optional) To purge all logs of a subsystem, enter the following command:

    system diagnostics <subsystem> purge-log

  2. Reproduce the issue you want to report.

  3. On the web admin console, go to Diagnostics > Tools.
  4. Under Troubleshooting logs, select the log files.

  5. Click Download.

    The files are downloaded as a compressed file.

  6. Email the file or share it through FTP with Sophos Support. See Connect to Sophos FTP server using an FTP client.

  1. (Optional) To purge all logs of a subsystem, enter the following command:

    system diagnostics <subsystem> purge-log

  2. Reproduce the issue you want to report.

  3. On the web admin console, go to Diagnostics > Tools.

  4. Under Consolidated troubleshooting report, select the following options:

    1. System snapshot: This doesn't require debug mode.
    2. Log files

  5. Enter the reason for generating the CTR.

  6. Click Generate.

  7. Click Download.

    The report is downloaded in encrypted format.

  8. Email the file or share it through FTP with Sophos Support. See Connect to Sophos FTP server using an FTP client.

  1. (Optional) To purge all logs of a subsystem, enter the following command:

    system diagnostics <subsystem> purge-log

  2. Reproduce the issue you want to report.

  3. Sign in to the CLI and enter 5 for Device Management and 3 for Advanced Shell.
  4. To open the log directory, enter the following command: cd /log
  5. To list the log files, enter the following command: tail -f /log/<logfilename>.log
  6. Copy them to a text file.
  7. Email the file or share it through FTP with Sophos Support. See Connect to Sophos FTP server using an FTP client.

Turn off debug mode

The log files increase in size when debug mode is on. To free up disk space, you must turn off debug mode after you download the log files.

To turn off debug mode, do as follows:

  1. Sign in to the CLI and enter 4 for Device console.

  2. For the system controller logs, enter the following command:

    system diagnostics CSC debug

  3. For each service subsystem log you want, enter the following command:

    system diagnostics subsystems <subsystem> debug off
    Example 
    system diagnostics subsystems Pktcapd debug off

More resources