Hi, hopefully i'm missing something obvious (although not holding my breath on that) Background: I am looking into identifying the source and type of some unexplained outbound traffic on a network connection, essentially there are a number of…

The system is producing this output below every second as it appears in the advanced shell, it seems that login process is restarting continuously. Feb 3 10:01:00 (none) daemon.info init: process '/bin/login' (pid 20205) exited. Scheduling for restart…

Hello fellow UTMers, is it possible to create a report that shows how utilized the external WAN interfaces are over a certain period of time in the same form as already shown in the Logging/Reporting - Network Usage section? (Not showing GB that were…

I am trying to find who visited a particular site within a short time range (half hour). I tried downloading the log for the day in question, but I am unable to extract the file. It fails with a CRC error at about 40%. I have tried downloading the file…

Hi All, XG firewall with 2 x IPSEC connections working. I can access resources either side and monitor them however there are no VPN reports on the reports page. This is also the case for active threat protection. There was an issue where the main…

Hi guys, I just wanna ask help or any suggestions how can I blocked entirely "Unclassified Applications" that eat most of my bandwidth? See reports below: Any recommendations will be much appreciated. Thank you. Regards, Anthony

We have an HA pair of XG430s running 16.01.2 and have created a rule for public Internet access. We don't want to log every site a customer visits but despite unticking the log box it is still logging.

I have a large number of staff that we want to monitor their time spent in the office based on their mobile phones connecting to our wifi, or their PC connecting to the wifi / network. We know the mac addresses of each device, and have specified reservations…

Hi everyone I've got an internal DNS server. LAN Network 10.99.150.0/24 UTM LAN IP 10.99.150.1 DNS Server 1 10.99.150.100 Everything is working fine, but n early every 5 seconds I've got a new log entry like this: 2016:11:03-09:19:52 vm ulogd[12400…

I just stood up a UTM 9 instance at my house. I've got several kids with numbers mobile devices. What's the best solution for monitoring web traffic and reporting on it? I'm interested in reporting based on user. User definitions will have to be MAC…

hello; xg firewall log format is as follows: Is it possible to adjust? DATE, TIME, COMPUTER NAME, IP, MacAddress, HOST, URL

I am running a XG 85W in bridged mode but the Reports menu is no longer available. I have Network and Web Filtering subscriptions enabled and confirmed they are active. Can I confirm that bridged mode excludes any traffic or security reports functions…

I was referenced to the Executive report and it does provide some good information for us. However, when exporting the report it becomes this convoluted mess. The information is there but I do not think the average person would understand. Is…

I've configured the firewall to report to a syslog server but nothing comes through. I've tried disabling the firewall on the desktop/server and still nothing is reported from the Sophos firewall. I've also use the servers built in test message to verify…

HI, I am looking for any documentation about setting up canned reports on the Sophos Firewalls. We are currently evaluating the XG Firewalls and reporting is the main reason we are looking into these devices. I have searched the knowledge…

My Sophos box ran great for a little over a month, but over the last five weeks, it's continually locking up. I turn the monitor on and find the console frozen, and have to power cycle the box. The machine I'm using (Dell OptiPlex) has built-in diagnostics…

This morning we had an HA failover where the slave became master. What I noticed after the failover is that logging (graphs) were not available in the period before the failover. This evening I let the previous master become master again and now I can…

function="adir_auth_process_negotiate" file="auth_adir.c" line="1600" message="gss_accept_sec_context: Key table entry not found" This problem has been badly affecting one machine resulting in "Authentication failed" messages every time a user logged…

Hello Community! HTTP/S Malware blocked 47 . Where can I find in logs info about this? If it is a virus blocked I will go to Logging and reporting - Web Protection - Virus Downloaders and see all about it but in malware i cannot find anything even in…

Has anyone successfully got Sophos UTM working with AlienVault? (or OSSIM). Ie set up Remote Logging to AlienVault. Any tips has to how to do it? Does the built-in AlienVault plugin for Sophos UTM work? Doesn't seem to for me, but I'm new to AlienVault…

Hey Guys, I have faced a issue in my Company , One Domain user has made some not permitted Activity on the Internet and we need to find out, who was the one ? Like the IP of the computer , which accessed the Internet website at that particular time…

I'm coming from a Cisco ASA background and am finding the monitoring/logging on the UTM to be a bit difficult. On the ASA I could look a the syslog and see live monitoring of ALL traffic. Then filter accordingly. The specific thing I'm looking for now…

Sorry but I am struggling a bit with logging, either I am doing something wrong or it's just rubbish. I have defined an explicit policy rule to drop all outbound traffic coming from a single IP address, I know it works because the client goes off-line…

One of our websites is no longer appearing in the Logging and Reporting-->Webserver Protection-->Details tab after upgrading the firmware to 9.401-11 from the previous version. I can see traffic to that site in both the Live Log and the WAF log, but not…