Understanding logs is still a big problem and a mystery. Some reports are still missing. We expect to see a new log module in 18.5.

Understanding the logging is still useless now.

In the past, with 17.5, I had a Skype problem. No calls and no video. Downloading files through Skype is still not allowed. Why? I do not have any clue. The application filter is configured with Smart Filter, where Skype is allowed. I am using the proxy to decrypt and scan, with the HTTPS CA uploaded. The only way to allow Skype was to follow this KB:

https://community.sophos.com/kb/en-us/133690

Today, I am trying to understand why Microsoft Teams calls are not working. No idea. The logs are still useless. Understanding these crypto logs, guys, is hard, and sometimes the logs are not even where you expect to find them. No logs in Web traffic, the Application filter is empty. Drop-packet capture? Nothing.

I do not want to use tcpdump all the time as I wish, and I really hope that v18.x will have a new log component. Without the KB and the Sophos community, understanding what to unlock is a mystery. I do not like to use "any" in the service. I still use the concept of least privilege on all my installations.

I hope that someone agrees with me about the log components. UTM9 was definitely much better. This log component reminds me of other vendors some time ago!

Thanks.

  • Hello,

    Sorry, my response is HAVE TO!!!

    It is surprising that Sophos positions the XG Firewall as an enterprise firewall, but many of the features, as they are now implemented, absolutely do not match this level. And the implemented log management module is proof of that.
    I would like to see a situation where a security auditor at a bank or other financial company wanted complete logs from an XG Firewall administrator for a certain calendar period (day, week, month, etc.). I would not want to be in the skin of the XG Firewall administrator, because he could not accomplish such a task.

    It is desperate that no one in Sophos product management is looking at the development of this product from the perspective of the administrators of the product.

    Well, we see the result.

    Regards

    alda

  •  

    I.e., how do you create a report to understand how much blocked traffic was generated during the last week? I know blocked traffic on rule ID 0 is huge, but I want, by analysing the traffic, to calculate the blocked traffic trend.

    Do you know how I can accomplish this by using a report?