Hello,
I have a server with SFOS v19, and I am confused about the log viewer. I think that it always shows only logs in a 10-minute window.
I tried to change the time filter (all records, last 4 hours, 60 minutes, etc.) but it doesn't work.
I can only view firewall logs for the last 10 minutes. What if I want to view firewall module logs from three days or a month ago, is this possible?
Or can I view them from another place, like the reports tab?
Can anyone explain the limits of the log viewer?
Thanks a lot.
Firewall logs are generated for each packet that matched a firewall rule with logging enabled. So it's a huge amount of logs and cannot be stored for a long period. To store these logs for an extended period, you should set up an external syslog server and configure the firewall to send logs to that server.
Find related info here: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SystemServices/LogSettings/SyslogServerAdd/index.html
I think it is a bug in v19, because I have an old server with SFOS V17.5.17, and when I view (Admin events) in the log viewer it shows all admin events.
But in v19 the time filter doesn't work, and even (admin events) only shows events logged within 10 minutes.
I tried all types of logs (admin, authentication, admin, etc.); same problem, only the last logs in 10 minutes.
That really sounds like an issue, because the log retention is based on the log component. Logs with few entries can go back many days or weeks, while the firewall log will most likely get only ~one day on high-traffic machines.
So if you change a firewall rule now, the log is shown in the Admin log, and after 15 minutes you will no longer find it there? Also with another browser?
I tried with different browsers (all modules' logs), same problem.