Is it possible to finally get a historical log similar to the UTM? I would prefer a log file rotation per day and preferably for at least 14 days back.
Hello SteppenWolf,
Agreed, as with my comment on this thread I want to know what the roadmap is for the Log Viewer: https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/115776/clicking-on-log-components-like-web-server-protection-atp-security-hb-that-are-empty-in-log-viewer-blocks-log-viewer-for-several-minutes
Emile
XG so needs this, like how can an "Enterprise" firewall not? On top of that, the syslog output is not that consistent and makes for a difficult time building extractors or pipelines (in Graylog, etc). Different "facilities" have completely different formatting, etc. We have 6-year-old UTMs that still have day 1 logs on them. Magic of gzip, huh?
Some of our clients have 10+ IPsec tunnels. If there is ever an issue, we always get asked why it went down, but it's too late. Going back into the strongswan.log and we are lucky if we have more than 1 day's worth of events. Lucky if we have 2 days when looking in the .log.0 file which rotates out.
Baby steps, maybe v23 or v24? Sorry, I love Sophos, but moving from UTM has been a challenge in many areas.
I see it the same way. SFOS is not yet at the level of UTM in this aspect. I have a firewall with almost 100 IPSec tunnels and debugging is not easy here. This aggravates the fact that you can't redirect the strongswan.log to the SYSLOG (at least I don't know how).
With best regards,
Steppenwolf
Same here. It's beyond embarrassing asking the customer/vendor to send their IPSec logs 'cause, well, we have basically none.
We also have some UTM installs in which we can go back a very long time and review. All via the webadmin no less. I just don't get the "vision/roadmap" with respect to logging in XG.
Hi Steppenwolf, I agree. However, the duration of the logging should be configurable ... (or have a second destination called syslog server).