Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 1934 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bytes sent incorrectly reported in log viewer

Ben BP12C

Hi,

We're seeing repeated but inconsistent log entries with the bytes sent in the 4GB region. We use Fastvue and these incorrect bytes values mess with our reporting and make it hard to track down actual high bandwidth users. Some users are reported to have used hundreds of gigabytes when they have not.

Has anyone seen this on their Sophos XGS appliances?

We're currently running 18.5.4 MR-4 and seeing this issue on multiple appliances across different sites. It is affecting staff and student accounts using different Firewall rules and Web Policies.

I've included a few affected log entries below.

Time					Log subtype	Username	Src IP			Dst IP			Category				URL																Bytes sent	Referrer						Message ID	Policy ID
2022-10-25 15:57:27		Allowed		Staff1		10.10.4.104		142.250.70.196	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964804	https://contacts.google.com/	16001		57
2022-10-25 15:54:37		Allowed		Staff2		10.10.4.76		142.250.76.100	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294965154	https://drive.google.com/		16001		57
2022-10-25 15:51:33		Allowed		Staff1		10.10.4.104		142.250.76.100	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964812	https://docs.google.com/		16001		57
2022-10-25 15:39:18		Allowed		Staff3		10.10.4.92		142.250.76.100	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964633	https://docs.google.com/		16001		57
2022-10-25 14:59:09		Allowed		Student1	10.10.4.81		142.250.76.100	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964958	https://mail.google.com/		16001		99
2022-10-25 14:57:10		Allowed		Staff4		10.10.4.63		142.250.204.4	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964842	https://www.google.com/			16001		57
2022-10-25 14:53:46		Allowed		Student1	10.10.4.81		142.250.204.4	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964958	https://mail.google.com/		16001		99
2022-10-25 14:48:44		Allowed		Student1	10.10.4.81		142.250.76.100	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964958	https://mail.google.com/		16001		99
2022-10-25 14:43:44		Allowed		Staff5		10.10.4.78		142.250.76.100	Search Engines			https://www.google.com/log?format=json&hasfast=true				4294965737	https://www.google.com/			16001		57
2022-10-25 14:25:40		Allowed		Student2	10.10.5.24		172.217.24.36	Search Engines			https://www.google.com/log?format=json&hasfast=true&authuser=0	4294964892	https://classroom.google.com/	16001		99
2022-10-25 13:25:09		Allowed		Student3	10.10.4.137		54.254.23.138	Information Technology	https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1	4294966478	https://www.coolmathgames.com/	16001		99

Any advice would be appreciated.

Cheers,
Ben



This thread was automatically locked due to age.
Parents Reply Children
Unfiltered HTML