This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM not logging allowed packets

Hi All,

 

I am new to forum and new with Sophos.

I do know some basic troubleshooting as the KB was very useful.

We had this one concern where Sophos is not logging allowed packets in the syslog.

Please notice the log:

2018:01:21-14:2029 sg330-1 httpproxy[15747]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass"
method="CONNECT" scrip="172.20.8.103" dstip="206.17.25.188" user="" group="" ad_domain="" statuscode="200" cached="0"
profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="RED_DefaultHTTPCFFAction (Default content filter action)"
size="4737" request="0xafd8d600" url="https://att.inq.com/" referer="" error="" authtime="0" dnstime="2" cattime="0" avscantime="0"
fullreqtime="3246681" device="0" auth="0" ua=""
exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension"

While we want Sophos to log the entire link which is : 

https://att.inq.com/tagserver/launch/requestChatLaunch

 

Any help on this one.

 

Thank you in advance.



This thread was automatically locked due to age.
Parents
  • Hi Rico and welcome to the UTM Community!

    I've not seen a partial line recorded in the Web Filtering log before.  Do a test as follows:

    1. Start the Web Filtering Live Log.
    2. In the 'Filter' box, put att.inq.com and touch enter.
    3. Browse to the full URL.

    What did you see?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    After filtering, same output, att.inq.com.

    I have not yet tried giomodas advice.

    Update you all once tested.

    Thank you all,

Reply Children
No Data