• XGS 126 report disk full

    Dominik Erdei
    Dominik Erdei
    Hello! I have a Sophos XGS 126 firewall, and the report disk fills up every week. I got emails that the " Reports disk Usage reached 90% exceeding the higher watermark of 90%" and I need to flush the reports disk to work. I disabled the log in all firewall…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SFOS 19.0.0 GA-Build317 : Log Viewer behavior

    ali turki
    ali turki
    hello I have server with SFOS v19, I am confused about log viewer. I think that it always show only logs in 10 minutes window. I tried to change time filter (all records ,last 4 hours, 60 minutes, etc.) but it doesn't work . I can only view firewall…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG -Report partition full

    Alex NC
    Alex NC
    Hello, I just migrated a customer from UTM to XG (18.5 since 19 is not recommended by the support) and the default 80GB report partition of the VM is filling very quickly, in about 20-25 days. Logrotate is not well implemented and the firewall got…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Logviewer sometimes no origin/destination-port

    SETdevIT
    SETdevIT
    Good day, at the moment we have a lot of shity traffic going on , mostly from Russia and its lovely friends . Right now I ´ ve seen that there are p ackages without origin-port and destination-p orts in the Log Viewer . Whys that ? Never had this…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Log and Drop (IPv6) firewall rule "Allowing" and "Denying"... huh?

    Wayne Folta
    Wayne Folta
    I have a firewall rule (rule 20) which is a "log and drop" rule at the bottom of the IPv6 rules. But I'm seeing something very weird: some of the time it says "Denied" and some of the time it says "Allowed". There are no exceptions in the rule. Not only…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGFW All Reports are empty.

    Frank YANG
    Frank YANG
    My SG330 (SFOS 19.0.0 GA-Build317) has been running for a long time and was recently upgraded to V19. I don't read reports very often, but today I found all the reports were empty. No matter how long you choose . Where might I look to troubleshoot this…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Looking at awarrenhttp_access.log for FQDNs

    Brian1941
    Brian1941
    I have an XG125w (SFOS 18.5.2 MR-2-Build380). A while back, I had a website that needed a web exception for SSL/TLS decryption and scan. The domain needed did not appear in the SSL/TLS log viewer. I opened a ticket with support and they gave me some…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophox XG reports filtering by outgoing Port (interface)

    MMASLOUH
    MMASLOUH
    Hello, I have two ISP router, ISP1 router connected to port 2 and ISP2 router connected to port3. So i want to filter reports by outgoing port (interface), but the report page gives me only the option to filter by rules, source zone or destination…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Log Viewer not Updating

    BlackSheepOne
    BlackSheepOne
    Hello, I am running XG FW firmware version 19.0.0. Log Viewer is no longer showing current entries for all categories. The last entry logged was on 1/26/22. I've checked log settings and disk space and everything looks correct. I also have…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to see IP address based usage report in XG firewall

    Amrish
    Amrish
    Hello Guys, We are using Sophos XG-220 firewall since long. We have a Active-Passive configuration. For Internet usage, we have created multiple VLANs and All VLANs have multiple users. All users going through captive portal and login it's user name…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Help with "Invalid Traffic" in logs

    Alan Spark
    Alan Spark
    Hi, We have an XG 135 running SFOS 18.5.3 MR-3-Build408. There are two gateways, a primary and backup. One of our users is encountering an intermittent timeout on a specific website when performing a specific action. I have been checking our firewall…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Check logs for outbound SMTP traffic

    djb-sophos
    djb-sophos
    Hello, We have an old linux server we use to send emails with. It was set up by an employee who is no longer with the company, and no one has the login. We think we have moved all of our services off this server, so we think it is no longer being used…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG firewall to elk configuration to dashboards.

    Siyabonga Nzama
    Siyabonga Nzama
    Hi I would like some guidance on how to configure elk to populate dashboards once SophosXG firewall is sending logs to my server and I confirmed this using tcpdump command?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • disk usage - Sophos XG210

    Guilherme Silva1
    Guilherme Silva1
    Olá, Estou recebendo com grande frequência, alertas de utilização de disco ultrapassando os 80% em meu firewall e sempre que ocorre, realizo um purge manual dos logs. Acontece que a utilização do disco, por report está muito elevada, muito acima…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • firewall logs - dest urls not ip address

    Sophos User1175
    Sophos User1175
    hi all, got an xgs firewall but when i go to "log viewer" from the home page to see live logs, all i can see is "src ip" to "dst ip" is there a way to see the "src ip" to "dst url" if i cant do it via the gui, is there a way to do it via terminal…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG 18.0.6 Logging of NAT Rules and DNS activity

    Paul McGinnie
    Paul McGinnie
    Running XG 18.0.6 on my own hardware. Short version: How do you log activity of: a) DNAT rule which diverts DNS to the Sophos LAN Port b) The DNS service itself I can do some packet capture, but the logging tool seems to ignore a DNAT rule terminating…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Admin Logs for XG330

    Cesar Henrique
    Cesar Henrique
    Hello everyone. I have a question about the Admin Logs for XG330. Our Admin Logs in the GUI shows only the logs of the current day. I need to check yesterday's log, but it won't appear. First question: is this normal? I don't check this log frequently…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Can't find firewall logs in AllXGLogs CLI dump

    JasP
    JasP
    I've done a CLI dump of all the logs but I can't find anything that logs firewall rule hits (like the firewall section of the GUI logs). What am I missing?!
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Reports not showing up

    Farshid
    Farshid
    Hi, We have 2 virtual Sophos Firewall in active-passive cluster up and running. When installing, I deployed OVF and before turning on VM and first boot configuration ( I mean creating report and config and signature partition ), I resized VM secondary…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Anti Spam logs?

    MarkThornton
    MarkThornton
    I am trying to find any log information as a result of "The Sophos Anti Spam Engine has blocked this Email because the sender IP Address is blacklisted" pop-over message that I see in the GUI when I hover over a REJECTED status in the mail logs. I tried…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Data transfer report inaccuracy

    Farshid
    Farshid
    Hi, I cannot retrieve accurate reports from on-box reporting. Data transfer report for specific user shows that user downloaded more than 9 GB today but application report shows 1.8 GB usage and web report shows 4 MB. I've checked all other reports…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • View logs in Central Firewall Reporting

    djb-sophos
    djb-sophos
    Hello. Sophos Firewall 18.5.1. I recently changed every log type to log to "Central Reporting". The entire "Local reporting" column is empty. Before doing this I used to be able to go to the Sophos Firewall and click Log Viewer at the top right and…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • log live view: search for IP beginning with e.g. 10. including the dot . not 100.

    LHerzog
    LHerzog
    Hi, is it somehow possible to get the live viewer filter correctly including the first dot? This is still not working. Any workaround? Already asked this unanswered in 2020: https://community.sophos.com/sophos-xg-firewall/f/discussions/123796/live…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SSL VPN more detailed reports

    Jakub Kavka
    Jakub Kavka
    Hello, i need some more detailed VPN reports for our management and so far i cant find any way to do this. Best report so far i found via Sophos Central but its not exactly what i need. On firewall Reports / VPN / SSL VPN is basicly useless for me.…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Wrong Categories in reports

    MMASLOUH
    MMASLOUH
    Hello, i have an XG 230 running on SFOS 17.5.15 MR-15, but it keep show me a wrong category reports. For example it list the LDAP traffic as P2P app category and "P2P Client Torrent" for application.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>