Firewall logs - where?

Log Viewer > Firewall goes back by 10 days or so. I need to retrieve Firewall logs for a period of 2 weeks starting 20 days ago.

I've learned that XG(S) do not store log files for Firewall rules.

From other posts I've also learned that I should use Sophos Firewall Manager to retrieve this data.

From other articles I've also learned that SFM has been discontinued and the functionality migrated to Sophos Central.

With that said, I am looking for guidance on how to use Central to retrieve the firewall logs as they appear in the Log Viewer.

I don't need the aggregate report. I need to see the user, the SRCIP, DSTIP, SRCPORT, DSTPORT, etc., and filter by the user and the DSTPORT.

This is all I could find and the results are worthless:



This thread was automatically locked due to age.
  • Hi,

    The CM will only start collecting logs after you have set up an account. It will have the history for which you have set the retention periods on the XG.

    The logs presented by CM are more detailed than offered by XG log viewer.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,
    I've upgraded from XG to XGS and registered immediately about 3 months ago. We manage a lot of customers and Sophos Products via our Partner Portal and have them all registered in Sophos Central. But I never had a situation where I needed something older than 10 days of logs.
    Sophos Central registration
    Device status: Registered
    Serial number: X13109--------2
    Registration date: April 02, 2023
     
    You mentioned that "The logs presented by CM are more detailed than offered by XG log viewer."
    Can you point me in the right direction on how to acquire this info? I want to see exactly the same output that Log Viewer > Firewall logs shows, but for a period older than 7-9 days. Specifically -17 days. I also want to be able to filter by DSTPORT and Username.