System Status

The differences in the conditions monitored on each type of appliance are shown in the descriptions below. On a Management Appliance, the available controls differ considerably. For this reason, Management Appliance users should also refer to System Status on the Management Appliance.

The icons on the System Status tab indicate the system's alert level by their color. On a joined appliance, the System Status button on the navigation bar becomes animated if the appliance is synchronizing with other appliances. The status indicated by these icons is shown in the following table. Differently shaped icons are used for the Web Appliances (disks) and the Management Appliance (network icons).

Icon type                             OK      Warning   Critical   Unknown   Data Sync.
Disc icon (Web Appliance)             green   yellow    red        gray      N.A.
Network icon (Management Appliance)   green   yellow    red        gray      animated

The System Status tab lets you monitor the health and performance of the appliance. By default, only exceptions (warnings or critical alerts) are displayed. If there are no exceptions, the System Status tab's default page shows nothing. The buttons at the bottom of the System Status page provide the following functionality:

  • Click Show All to view a complete list of status items. Some items, such as those associated with Active Directory and eDirectory, are only shown if the program is enabled in the appliance.
  • Click Show Exceptions to return to the display of only the existing exceptions.
  • Click Shutdown to restart or shut down the Web Appliance. A confirmation prompt is displayed. Click Shutdown or Restart to perform the operation of your choice.
    Note
    Sophos strongly suggests that you use these software shutdown and restart options, as using the appliance's power button or reset button, as described on the Appliance Hardware page, may lead to file corruption and data loss. Also, note that any pending software updates will be applied during the shutdown and restart process.
    The software shutdown and restart options are also very convenient for appliances that are housed off site or in a collocation facility.

The tab is organized into five sections, each with a different category of information. Every monitored condition displayed on the System Status tab shows the following information. At the far left of the page is the status icon itself, the color of which indicates the alert status of the item as one of Normal (green), Warning (yellow), or Critical (red).

  • Monitor: Names the condition that is being monitored.
  • Message: Provides details of the latest alert.
  • Potential remedies: Describes possible solutions for the latest alert. For most warning and critical alerts, you are advised to contact Sophos Technical Support.
  • Last exception at: Shows the date in MM/DD/YYYY format and the time in 12-hour, AM/PM format for the latest unacknowledged alert.
  • Exception: Shows the number of alerts, including information (normal) alerts for that item. Click the "note" icon to open the System Alerts dialog box, which contains a history of alerts for this item. Click Clear History at the bottom of the System Alerts dialog box to clear the alert(s).

Monitored information is grouped into four sections: Traffic, Hardware, Software, and License. The monitored information varies depending on whether it is system status information for a Management Appliance, a joined Web Appliance, or a stand-alone Web Appliance. The monitored conditions for each of these sections are:

  • Traffic:
    • Scan time: [Not available on Management Appliance] A warning alert is triggered if the average scan time over the last 5 minutes exceeds 10 seconds.
    • WCCP: [Standalone and Joined Appliances Only] A critical alert is triggered if the appliance is unable to communicate with configured Web Cache Communication Protocol routers.
  • Hardware:
    • Hard Disk: A critical alert is triggered if the hard disk fails. The number of hard disks listed will vary according to the hardware platform.
    • System memory usage: A critical alert is triggered when 98% of physical memory (RAM) is used. If this condition persists, the appliance configuration may need to be adjusted to enable greater throughput, or an additional appliance may need to be deployed to handle current volumes.
    • System memory (missing): A critical alert is triggered if any of the expected memory (RAM) is not present. The amount of memory expected varies according to the hardware platform.
    • System temperature: A critical alert is triggered when the appliance's temperature exceeds its normal temperature range.
    • System fans: A critical alert is triggered if the appliance's system fan fails.
    • CPU: A critical alert is triggered if there are problems with the appliance CPU that could affect the stability of your system.
  • Software:
    • Connection to management appliance: [Joined Web Appliance Only] A critical alert is triggered after 10 minutes of a loss of connection.
    • Connections from joined appliances: [Management Appliance Only] A critical alert is triggered after 10 minutes of a loss of connection.
    • System load: A warning alert is triggered if the load average is greater than 50%.
    • Report data backup: [Management Appliance Only] A critical alert is triggered if a scheduled upload fails.
    • Transaction log files archive: [Not available on Management Appliance] A critical alert is triggered if a scheduled upload fails.
    • Configuration backup: [Not available on Joined Web Appliance] A critical alert is triggered if a scheduled upload fails.
    • Connection to Sophos: A warning alert is triggered after two hours if the appliance is unable to connect to the Sophos site to receive threat definitions or software updates. A critical alert is issued if the appliance is unable to connect to the Sophos site after six hours.
    • System updates: A critical alert is triggered when a system software update fails or if the software is out of date.
    • System reboot: A warning alert is triggered if there are pending updates that will cause the Web Appliance to automatically reboot in the next available update window.
    • Syslog server availability: A warning alert is triggered if the appliance is unable to connect to its configured Syslog server.
    • Active Directory integration: A critical alert is triggered if the appliance gets disconnected from the Active Directory domain. If this occurs, click Verify Settings on the appliance's Configuration > System > Active Directory configuration page to ensure that the domain controller is accepting connections. Ensure that the username and password supplied have the relevant rights to access the domain and that your network is configured correctly to allow the appliance to access the relevant ports on the domain controller. Contact Sophos Technical Support if additional help is required.
    • Active Directory synchronization: [Not available on Joined Web Appliance] The Web Appliance synchronizes with the configured Active Directory server every 2 hours. If this synchronization fails, a critical alert is raised.
    • Active Directory Trusted Domains synchronization: [Not available on Joined Web Appliance] If synchronization with a trusted (or child) domain fails, a warning alert is raised.
    • eDirectory synchronization: [Not available on Joined Web Appliance] A critical alert is triggered if the appliance has problems synchronizing with the eDirectory server.
    • eDirectory user identification: [Not available on Management Appliance] A warning is triggered if the appliance has encountered a problem obtaining user identification data from the eDirectory server(s). A critical alert is triggered if the appliance has encountered problems over an extended period of time when attempting to obtain user identification data from the eDirectory server(s).
    • Web categorization data update: An alert is triggered if the Web Appliance has problems receiving web categorization data.
    • Email alert delivery: A warning alert is triggered if the appliance has not been able to send email notifications (EDNs) for 4 hours. A critical alert is triggered if the appliance has not been able to send any EDNs for 72 hours. The appliance was either unable to connect to an email server when trying to send an alert notice, or was unable to deliver the email to a specified recipient. Correct operation of the appliance requires that it be able to send email alerts to Sophos Technical Support and specified recipients. Ensure that an Outgoing SMTP mail server has been correctly specified on the Configuration > Network > Hostname page, and a valid recipient email address is specified on the Configuration > System > Alerts page.
    • Configuration version: [Only available on Joined Web Appliance] A critical alert is triggered if a configuration update fails. If the configuration version of the Joined Appliance does not match that of the Management Appliance, configuration changes on the Management Appliance will no longer be downloaded to the Joined Appliance.
  • License:
    • Sophos license: A warning alert is triggered when there are fewer than 30 days left on a trial license, and it continues until 10 days after a trial license expires. A critical alert is triggered 10 days after a trial license expires, and the appliance stops categorizing sites. If you do not block uncategorized sites, users will still be able to browse, but will not be protected from categories that should be blocked.