Sophos Endpoint Security and Control: reading RMS log files

  • Article ID: 13019
  • Rating:
  • 5 customers rated this article 1.8 out of 6
  • Updated: 11 Mar 2013

The Sophos Endpoint Security and Control Remote Management System (RMS) log files can be found in the locations below.

Known to apply to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Windows NT 4.7.43
Sophos Anti-Virus for Windows 2000+ 9.7.0
Sophos Anti-Virus for Windows 2000+ 7.6.21
Sophos Anti-Virus for Windows 2000+ 10.0

Sophos Anti-Virus version 7, 9 and 10 on Windows 2000/2003/XP

  • C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\Logs
  • C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Router\Logs

Sophos Anti-Virus version 9 and 10 on Windows Vista/2008/7

  • C:\ProgramData\Sophos\Remote Management System\3\Agent\Logs
  • C:\ProgramData\Sophos\Remote Management System\3\Router\Logs

Sophos Anti-Virus version 4.7 and above on Windows NT

  • C:\WINNT\Profiles\All Users\Application Data\Sophos\Remote Management System\3\Agent\Logs
  • C:\WINNT\Profiles\All Users\Application Data\Sophos\Remote Management System\3\Router\Logs

See: Sophos Endpoint Security and Control for Windows: log files for a full list of log files.

What to do

To check for error messages in RMS log files, go to the computer in question:

  1. Browse to the relevant log file (e.g. for the router log, C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Router\Logs)
  2. Select the most recent log, by date
  3. Scroll to the bottom of the log file and look for error messages (i.e., search for " E " (space, E, space).

In the RMS log files, error messages are indicated by a letter 'E' in the Type column. For example, the following messages are logged on a workstation:

03.02.2005 12:03:38 05D8 I Getting a new router certificate...
03.02.2005 12:13:39 05D8 I Timed out, resending certification message...
03.02.2005 12:08:28 03CC E Failed to read in the router's IOR from the supplied address and port
03.02.2005 12:08:28 03CC E NoRouterIORException: Caught MessagingSystemClientLib::NoRouterIORException (failed to get router's IOR from supplied address and port) ClientConnection::Reconnect()

For example, the 'Failed to read...' error above indicates that the router on the workstation was unable to connect to the server router and obtain the IOR.

  • Most common RMS errors involve connectivity or timeout problems. Check the message in the log.
  • If you need to contact technical support, give full details and have the log extract available.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments