
UTM9 - Cannot download Web Filtering log files

Using UTM9 as a web proxy. Web Filtering is enabled and has generated huge log files (1.7 GB on one machine and 4.1 GB on the other).

When I go to "Logging & Reporting" - "View Log Files" - "Web Filtering" - "View" I only get the notification "Could not prepare file for download".

How can I download these files? Do I have to temporarily disable the logging? If yes, how?

Any help is appreciated. Thank you.



This thread was automatically locked due to age.
  • Ok, I found out. And I'm telling you so this question will not go unanswered.

    Log on to the proxy via SSH. Today's log files are located in /var/log. Older log files are in the subfolders, e.g. "http" for the Web Filtering log files. You need to become root to access them. Copy them to /var/log or your home folder. From there you can download them with WinSCP or any other SFTP capable program.

  • Hallo Robert and welcome to the UTM Community!

    A 4 GB http.log file is a sign that something is wrong.  I would urge you to open a case with Sophos Support.  Also, start a new thread here in the Web Filtering forum showing us about 50 lines from the middle of that giant log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for your concern. The proxy server is under heavy load, so I actually don't see anything wrong with it. It is unfortunate that the GUI is unable to provide huge log files, but as I described I found a way to do it via the command line.

    What could be regarded as "wrong" is the fact that there are very few servers using this proxy and they are all opening new connections in the millisecond. I identified one user ID that is responsible for 10% of all the connections managed by this proxy.

    Unfortunately the customer has decided to switch to another product by the middle of the year, so we will just keep it running until then.
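Once a large Web Filtering log has been copied off the box as described above, it can be checked for the kind of per-user concentration mentioned in the last reply without loading it into memory. The following is an added example, not code from the thread or from Sophos; it assumes log lines made of key="value" pairs with `user` and `srcip` fields, and the sample lines are constructed.

```python
import gzip
import re
import sys
from collections import Counter

# Assumption: log lines carry key="value" pairs, including user="..." and
# srcip="..."; adjust FIELD_RE and the field names if your lines differ.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def open_log(path):
    """Open a plain or gzip-compressed log as a text stream."""
    opener = gzip.open if path.endswith(".gz") else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def count_by_field(lines, field="user", fallback="srcip"):
    """Count lines per `field` value, reading one line at a time.

    Lines where `field` is empty or missing (unauthenticated requests) are
    keyed by `fallback` so they are still attributed to a client.
    Returns (Counter, number of lines without any key="value" pair).
    """
    counts, skipped = Counter(), 0
    for line in lines:
        pairs = dict(FIELD_RE.findall(line))
        if not pairs:
            skipped += 1
            continue
        key = pairs.get(field) or f"{fallback}={pairs.get(fallback, '?')}"
        counts[key] += 1
    return counts, skipped

def top_talkers(counts, n=5):
    """Return (key, lines, percent of counted lines) for the n busiest keys."""
    total = sum(counts.values())
    return [(k, c, round(100.0 * c / total, 1)) for k, c in counts.most_common(n)]

# Constructed sample lines, not taken from the thread.
SAMPLE = """\
2015:03:10-12:00:01 proxy httpproxy[4711]: action="pass" method="GET" srcip="10.0.0.5" user="svc-batch" url="http://example.test/a"
2015:03:10-12:00:01 proxy httpproxy[4711]: action="pass" method="GET" srcip="10.0.0.5" user="svc-batch" url="http://example.test/b"
2015:03:10-12:00:02 proxy httpproxy[4711]: action="pass" method="GET" srcip="10.0.0.7" user="alice" url="http://example.test/c"
2015:03:10-12:00:03 proxy httpproxy[4711]: action="block" method="GET" srcip="10.0.0.9" user="" url="http://example.test/d"
-- MARK --
"""

if __name__ == "__main__":
    source = open_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    counts, skipped = count_by_field(source)
    for key, hits, pct in top_talkers(counts):
        print(f"{key:20} {hits:8} {pct:5.1f}%")
    print(f"skipped lines: {skipped}")
```

Run it with the path of a copied log file (plain or .gz) as the only argument; without an argument it processes the constructed sample.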