Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 1067 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 - Cannot download Web Filtering log files

Robert Schmitz

Using UTM9 as a web proxy. Web Filtering is enabled and has generated huge log files (1.7 GB on one machine and 4.1 GB on the other).

When I go to "Logging & Reporting" - "View Log Files" - "Web Filtering" - "View" I only get the notification "Could not prepare file for download".

How can I download these files? Do I have to temporarily disable the logging? If yes, how?

Any help is appreciated. Thank you.



This thread was automatically locked due to age.
Parents
  • +1

    Ok, I found out. And I'm telling you so this question will not go unanswered.

    Log on to the proxy via SSH. Today's log files are located in /var/log. Older log files are in the subfolders, e.g. "http" for the Web Filtering log files. You need to become root to access them. Copy them to /var/log or your home folder. From there you can download them with WinSCP or any other SFTP capable program.

Reply
  • +1

    Ok, I found out. And I'm telling you so this question will not go unanswered.

    Log on to the proxy via SSH. Today's log files are located in /var/log. Older log files are in the subfolders, e.g. "http" for the Web Filtering log files. You need to become root to access them. Copy them to /var/log or your home folder. From there you can download them with WinSCP or any other SFTP capable program.

Children
  • 0 in reply to Robert Schmitz

    Hallo Robert and welcome to the UTM Community!

    A 4 GB http.log file is a sign that something is wrong.  I would urge you to open a case with Sophos Support.  Also, start a new thread here in the Web Filtering forum showing us about 50 lines from the middle of that giant log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thank you for your concern. The proxy server is under heavy load, so I actually don't see anything wrong with it. It is unfortunate that the GUI is unable to provide huge log files, but as I described I found a way to do it via the command line.

    What could be regarded as "wrong" is the fact that there are very few servers using this proxy and they are all opening new connections in the millisecond. I identified one user ID that is responsible for 10% of all the connections managed by this proxy.

    Unfortunately the customer has decided to switch to another product by the middle of the year, so we will just keep it running until then.

Unfiltered HTML