Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions Log analysis and warning

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 39 subscribers
Views 2482 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Log analysis and warning

Ha Nguyen over 4 years ago

Hi,

Our company is using a XG firewall.

I can send the logs to a log management system (ELK) and break a log message into fields.

I can find the Firewall Log Format here: https://community.sophos.com/kb/en-us/130308

However, my security knowledge is limited.

Could you please help me to identify the important security messages from the logs ?

E.g. if Log subtype = Admin and Status = Failed (some one tried to log in the firewall with wrong password).

Thanks.

This thread was automatically locked due to age.

Parents

0 Keyur over 4 years ago

Hi Ha Nguyen

There are many ways to check the reports.

You can check live logs for Various Modules as per your requirement.

Please navigate to Log Viewer and you have various types of logs available for Admin Events, Firewall Logs, Different Module such as Anti-Virus, Anti-Spam logs for detection, Web and App filter logs- https://community.sophos.com/kb/en-us/131951

If you navigate to the Reports tab, you have more information in detail and you can sort/customize as per your requirement.

https://docs.sophos.com/nsg/sophos-firewall/v17.1.0/PDF/Sophos%20XG%20Firewall%20Reports%20Guide.pdf

https://community.sophos.com/kb/en-us/123211

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Ha Nguyen over 4 years ago in reply to Keyur

I forward the sophos log to nagios server, and would like the nagios server to send alert immediately if it sees anything unusual.

Log Viewer and Reports cannot alert me.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ha Nguyen over 4 years ago in reply to Keyur

I forward the sophos log to nagios server, and would like the nagios server to send alert immediately if it sees anything unusual.

Log Viewer and Reports cannot alert me.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data