Troubleshooting logs
Troubleshooting logs help you identify problems and troubleshoot issues.
You'll need to share the troubleshooting logs when you contact Sophos Support.
- You can see and download these logs from the web admin console and the CLI. See Check troubleshooting logs.
- To know the log files for each module, see Log files for modules.
Log storage
The firewall stores troubleshooting logs in its /var
partition. Specific disk space is allotted to each component based on the appliance model. Critical components are allotted more space.
The firewall copies log files from its memory to its file system. If the firewall stops responding, files that aren't already copied to the file system are erased.
Log rotation
The firewall allocates different size limits to log files based on their subsystems, such as apache
and applog
. When the log file reaches the limit, the firewall compresses it into a .gz
file and starts storing logs using the original filename.
It creates two or more rotations, that is, compressed files, depending on how critical a subsystem is. When the logs for a subsystem reach its disk limit, the firewall starts deleting the earliest .gz
file first.
Purge logs
You can purge the compressed logs, all logs, or logs for specific subsystems. Sign in to the CLI, enter 4 for Device console, and enter one of the following commands:
-
All subsystems:
- Purge all logs:
system diagnostics purge-all-logs
- Purge all compressed logs:
system diagnostics purge-old-logs
- Purge all logs:
-
Specific subsystems
- Purge all logs of specific subsystems:
system diagnostics <subsystem> purge-log
- Purge the compressed logs of specific subsystems:
system diagnostics <subsystem> purge-old-log
- Purge all logs of specific subsystems: