I'm trying to send logs to an external Syslog server via Remote Syslog Settings, but I don't have any access to the server. How am I gonna check if the logs are actually being sent?
Hello,
we would like to raise the TLS version for Webserver Protection to v1.2 and would first like to check whether connections are still being established over TLS v1.0 or TLS v1.1.
Is there a way, via the GUI or the CLI, to…
I'm on version 9.705-3, and since sometime in May, the log files for Web Filtering have grown from 500MB daily to 2+ GBs daily. The logs are flooded with the below entry:
2021:06:28-10:26:55 FirewallName httpproxy[23287]: id="0003" severity="info" sys…
Hello community,
I am looking for a log file description for SG (and XG) firewalls. A lot of logs do have an id="xxxs" field, for example:
<30>2021:03:11-22:26:42 gateway ulogd[7988]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name…
Hello,
I'd like to collect and analyze the wireless logs. Older access points send in nice logs like this one:
2020:11:11-17:13:01 <AP_ID> awelogger[9274]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="mySSID" ssid_id…
Hello Team,
I have tried to use the packet Filter option with multiple combinations like IP address, Port, protocol but it doesn't filter/display any result.
Can I have some information regarding how exactly it is working and can I have some example…
I'm currently backing up my justification to increase our internet bandwidth. I need to get the average Network usage (a span of 1 year) from 8:00-18:00 (work hours) rather than the 24 hour period presented in the graphs. Does anyone know how to export…
Hello everyone,
I am currently testing remote logging with Splunk. For this I am using the following configuration on the Sophos UTM:
(The server is configured with TCP port 5600)
Only the firewall's logs are being … to the…
Hi fellow Sophos users,
Installed UTM 9 a few days ago, love it! Great network traffic info, BUT now for some reason I'm not seeing any traffic at all on 2 NICs ... I know eth 2 is a busy network and according to the pic below, no more traffic…
For now Sophos UTM syslog splits long log messages. Is there a way to configure syslog to not split long log messages? I'm shipping Sophos logs to my logstash server, which sends them to Elastic. I'd prefer to not deal with multi-line messages parsing…
Hi all,
I recently came across a useful post in this forum (link below) showing the location of the 'Applications' file which displays the mapping between app-id and application name for all of the applications Sophos UTM recognises. The file was located…
Hello forum,
I'm looking for any whitepapers/recommendations available about configuring the logging. I know the basics but some more fine-tuning is required. As of now, one of my UTM servers has ~3.500 users connected and generates an http log in size of…
Good morning, I'm using an SG125 with UTM9
I would like to have the opportunity to see in real time the instant bandwidth usage of the network to monitor which machine is using "how much" but I can't find the bandwidth meter page.
I would like to identify…
So after seven years of happily using UTM I thought I had all pretty well down pat, but now I find myself in a state of confusion.
Someone has added a Mac Pro onto a subnet here, and I suddenly am getting lots of log entries like " Default Drop BNJP…
Hello,
I have some problem with a HA Cluster UTM-320.
If I take a look at the log files, the biggest (even bigger than the packetfilter.log) is confd-debug.log.
The size is 77Mb after 14 hours, and it is full of these messages:
2017:03:09-13:53…
After disabling SMB version 1 on our Windows servers per US-CERT best practices, UTM log file archiving is broken. Anyone have a workaround or extra information about this?
SMBv1 disabled on Windows 2008R2 and Windows 2012R2 servers via; Registry subkey…
Hello fellow UTMers,
is it possible to create a report that shows how utilized the external WAN interfaces are over a certain period of time in the same form as already shown in the Logging/Reporting - Network Usage section? (Not showing GB that were…
I am trying to find who visited a particular site within a short time range (half hour). I tried downloading the log for the day in question, but I am unable to extract the file. It fails with a CRC error at about 40%. I have tried downloading the file…
Hi guys,
I just wanna ask for help or any suggestions on how I can entirely block "Unclassified Applications" that eat most of my bandwidth. See reports below:
Any recommendations will be much appreciated. Thank you.
Regards,
Anthony
Hi everyone
I've got an internal DNS server.
LAN Network: 10.99.150.0/24, UTM LAN IP: 10.99.150.1, DNS Server 1: 10.99.150.100. Everything is working fine, but nearly every 5 seconds I've got a new log entry like this:
2016:11:03-09:19:52 vm ulogd[12400…
I just stood up a UTM 9 instance at my house. I've got several kids with numerous mobile devices. What's the best solution for monitoring web traffic and reporting on it?
I'm interested in reporting based on user. User definitions will have to be MAC…
My Sophos box ran great for a little over a month, but over the last five weeks, it's continually locking up. I turn the monitor on and find the console frozen, and have to power cycle the box.
The machine I'm using (Dell OptiPlex) has built-in diagnostics…
This morning we had an HA failover where the slave became master. What I noticed after the failover is that logging (graphs) were not available in the period before the failover.
This evening I let the previous master become master again and now I can…
Hello Community! HTTP/S Malware blocked 47. Where can I find info about this in the logs? If it is a virus blocked I will go to Logging and reporting - Web Protection - Virus Downloaders and see all about it, but in malware I cannot find anything even in…