
Can't trace where a user\host mentioned in daily executive report is being accessed by in logs

Our Daily Executive Report frequently mentions a certain User/Host in the Top 10 Servers section by URL and IP address. It's using relatively a lot of traffic; the IP address resolves to some Swiss, cloud-based hosting company.

I check the most obvious logs for details (Logging & reporting > View Log Files > Search Log Files), but the searches never find anything that matches to see what computers or users on our system are the source or destination for this traffic. I try searching by IP address and by the URL the IP address resolves to. I even tried asking our Sophos support company, but they were useless at assisting on this. I imagine it's something benign like Microsoft, Akamai or Sharefile that software or users frequently use, but would like to confirm this for peace of mind.

Thanks!



  • When you look in 'Logging & Reporting > Network Usage' on the 'Bandwidth Usage' tab, what do you see when you click on that entry?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Aaah - if I change to Server here I can see our Swiss data source, and if I click through I can see that it is an HTTPS service, but little else information is provided. It's a start lol


    Thanks - what now???

  • HTTPS?  If you're scanning HTTPS in Web Filtering, look in 'Reporting >> Web Protection'.

    Cheers - Bob

  • But that's the thing - unused.senselan.ch doesn't appear in any of the web usage reports, or any archived log file reports that seem most obvious, which led me here to ask about it as I couldn't find it :/

    I think the reverse lookup of the IP address is resolving to the cloud hosting platform in the daily reports rather than the actual web service being accessed on it, making it a bit of a mystery to tally what's what.


    Thanks!
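An added example, not from this thread and not Sophos code, illustrating the two points above: the report names a destination by its reverse-DNS (PTR) name, which for a hosting provider's address says nothing about the service behind it, while the web-filter log (when HTTPS is scanned) records the hostname the client actually asked for and the internal source. The script works over constructed log lines in an assumed simplified key="value" layout (not the UTM's real log schema; field names like `sni` and `size` are placeholders), totals bytes per destination IP, breaks the top destination down by internal user/host, and puts the PTR name beside the requested hostnames. The reverse-DNS table is constructed too, standing in for a live PTR lookup so the script runs offline.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed simplified key="value" layout.
# These are NOT real Sophos UTM log records; field names are placeholders.
SAMPLE_LOG = """\
srcip="10.10.1.23" dstip="203.0.113.7" user="alice" sni="files.vendor-example.com" size="524288"
srcip="10.10.1.23" dstip="203.0.113.7" user="alice" sni="files.vendor-example.com" size="1048576"
srcip="10.10.2.41" dstip="203.0.113.7" user="" sni="files.vendor-example.com" size="262144"
srcip="10.10.1.5" dstip="192.0.2.55" user="bob" sni="updates.example.net" size="131072"
srcip="10.10.1.23" dstip="192.0.2.55" user="alice" sni="updates.example.net" size="65536"
"""

# Constructed stand-in for a PTR lookup: the hosting provider's generic
# name, which is what a bandwidth report prints, not the service in use.
REVERSE_DNS = {
    "203.0.113.7": "unused.hosting-example.ch",
    "192.0.2.55": "cdn-edge-example.net",
}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Turn one key="value" line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def bytes_by_destination(records):
    """Total bytes per destination IP (the 'Top Servers' view)."""
    totals = defaultdict(int)
    for r in records:
        totals[r["dstip"]] += int(r["size"])
    return dict(totals)


def top_destination(records):
    """Destination IP with the most bytes."""
    totals = bytes_by_destination(records)
    return max(totals, key=totals.get)


def sources_for_destination(records, dstip):
    """Bytes per internal source (user@srcip, or srcip when no user is known),
    largest first: this is the 'who on our network is talking to it' answer."""
    totals = defaultdict(int)
    for r in records:
        if r["dstip"] != dstip:
            continue
        who = f'{r["user"]}@{r["srcip"]}' if r["user"] else r["srcip"]
        totals[who] += int(r["size"])
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


def names_for_destination(records, dstip):
    """Contrast the PTR name a report shows with the hostnames clients requested."""
    snis = sorted({r["sni"] for r in records if r["dstip"] == dstip})
    return {"reverse_dns": REVERSE_DNS.get(dstip, "(no PTR)"), "sni_hostnames": snis}


def main():
    records = parse_log(SAMPLE_LOG)
    top = top_destination(records)
    print(f"Top destination: {top} ({bytes_by_destination(records)[top]} bytes)")
    print("Names:", names_for_destination(records, top))
    for who, n in sources_for_destination(records, top).items():
        print(f"  {who}: {n} bytes")


if __name__ == "__main__":
    main()
```

On the constructed data the top destination's PTR name is a generic hosting-provider name while every session to it carried the same vendor hostname, which is why searching the logs for the PTR name finds nothing: search for the destination IP or the requested hostname instead, and the source breakdown names the internal users and hosts responsible.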