I am trying to find who visited a particular site within a short time range (half hour). I tried downloading the log for the day in question, but I am unable to extract the file. It fails with a CRC error at about 40%. I have tried downloading the file…
Hi guys,
I just wanna ask for help or any suggestions on how I can entirely block "Unclassified Applications" that eat most of my bandwidth. See reports below:
Any recommendations will be much appreciated. Thank you.
Regards,
Anthony
Hi everyone
I've got an internal DNS server.
LAN Network 10.99.150.0/24
UTM LAN IP 10.99.150.1
DNS Server 1 10.99.150.100
Everything is working fine, but nearly every 5 seconds I've got a new log entry like this:
2016:11:03-09:19:52 vm ulogd[12400…
I just stood up a UTM 9 instance at my house. I've got several kids with numerous mobile devices. What's the best solution for monitoring web traffic and reporting on it?
I'm interested in reporting based on user. User definitions will have to be MAC…
My Sophos box ran great for a little over a month, but over the last five weeks, it's continually locking up. I turn the monitor on and find the console frozen, and have to power cycle the box.
The machine I'm using (Dell OptiPlex) has built-in diagnostics…
This morning we had an HA failover where the slave became master. What I noticed after the failover is that logging (graphs) were not available in the period before the failover.
This evening I let the previous master become master again and now I can…
function="adir_auth_process_negotiate" file="auth_adir.c" line="1600" message="gss_accept_sec_context: Key table entry not found"
This problem has been badly affecting one machine resulting in "Authentication failed" messages every time a user logged…
Hello Community! HTTP/S Malware blocked 47. Where can I find in logs info about this? If it is a virus blocked I will go to Logging and reporting - Web Protection - Virus Downloaders and see all about it but in malware I cannot find anything even in…
Has anyone successfully got Sophos UTM working with AlienVault? (or OSSIM).
I.e. set up Remote Logging to AlienVault.
Any tips as to how to do it?
Does the built-in AlienVault plugin for Sophos UTM work? Doesn't seem to for me, but I'm new to AlienVault…
Hey Guys,
I have faced an issue in my company. One domain user has made some not permitted activity on the Internet and we need to find out who was the one. Like the IP of the computer which accessed the Internet website at that particular time…
I'm coming from a Cisco ASA background and am finding the monitoring/logging on the UTM to be a bit difficult. On the ASA I could look at the syslog and see live monitoring of ALL traffic. Then filter accordingly. The specific thing I'm looking for now…
Hi everyone,
this is my version:
Firmware version:
9.402-7
Pattern version:
101124
And now the LOGGING & REPORTING - WEBSERVER PROTECTION is empty, for 2 days.
Very strange, the SG310 is new and restarted.…
One of our websites is no longer appearing in the Logging and Reporting-->Webserver Protection-->Details tab after upgrading the firmware to 9.401-11 from the previous version. I can see traffic to that site in both the Live Log and the WAF log, but not…
Is there a way to investigate the VPN disconnect between Astaro SG210 and SonicWall TZ105?
The logs indicate VPN connection established; but did not notice VPN disconnect or WAN port disconnect.
Hi All,
I am new to the Sophos UTM product and a junior network technician, please forgive my ignorance if I haven't explained something correctly as I am still learning and I am not an expert by any means.
I have set up a home lab and use the Sophos…
Hi
This question is from 2008 but I'm facing the same issue with multi searches in the logs for my WebFilter.
I'm trying to look for a bunch of Indicator of Compromise (IOC) domains for the past year.
I tried the suggestion here https://www.sophos…
Posting this here if anyone wants to point their UTM logs to a remote logstash/elasticsearch instance. This is a working sample logstash.conf file.
I pointed my remote logging to my logstash server on port 5140. This works for all of the UTM log types…
Hi there!
We have dozens of clients with UTMs, quite a few of which are using terminal servers. I've managed to integrate the UTM with AD, but can't think of, or find, any way to monitor user activity on the UTM.
By this, I mean we want to be able to…
I understand that Sophos UTM 9 can send logs via syslog or snmp. I'm looking to set up external logging; high level idea in image below.
Currently I'm looking at either Splunk or ELK (Elasticache + LogStash + Kibana). Note that I cannot use a managed…
Hi,
I have a simple configuration consisting of a local network behind a Sophos UTM which is connected to an ISP.
If I try to do a DNS lookup for powerwatch.pw on the client on the local network (UTM is DNS server for this network) I get only a "request…
So, the Daily Executive Report has a fair amount of "unclassified" traffic. Is there anything I could do to determine what this traffic is without staring at the log all day? Where if any documentation would allow me to understand this better? The utm9351…
Hi All,
Is it possible to disable firewall logging for some specific hosts or networks? I have some hosts that are trying to connect to external ports that I'm blocking (Honeywell services), and that's generating a lot of logging. I would like to not…
Hi,
After configuring the user portals on the SG310 UTM 9, the user names appeared once in the reporting and logging under the web protection, and now it's just IPs.
The setup of the Authentication services: Create user automatically for the web filter…
Hi, I installed the UTM Software on an apu1d4.
It works quite well so far but there are two things that bother me.
First thing is the data disk. I have a 16GB msata installed in the system but the UTM installer didn't use all of the space.
Especially…
Hello all,
I've been searching everywhere for this, maybe someone here has more insight than I'm able to find.
I have a UTM 9, version 9.315-2. I noticed from the executive report that I have a bandwidth hog that I wanted to dig deeper into. Problem…