Hi folks,
We have a pair of SG450 Hardware Appliances (Hot Standby Mode) running UTM Version 9.703-3 acting as Web Proxy Firewalls.
Our UTMs are configured to syslog their Web Filtering Logs to a remote server which has a third-party log analyser installed.
We periodically receive Freedom Of Information (FOI) Requests asking for sites visited and/or blocked by our users and our third-party analyser can do this quite efficiently.
However, when running two instances of the exact same query locally on the Sophos UTM using View Log Files > Search Log Files > Web Filtering, I have noticed a discrepancy in the number of results returned when I select the option Only Display Page Requests. This is for the exact same query run with, and then without, this option selected.
My question is therefore, what is the difference when this option is selected? When this option is selected does it mean the log entries of only those pages a user actively requested are returned? Is there a particular field entry in the Web Filtering Log which indicates that the user deliberately attempted to access a site as opposed to all of the other 'fluff' which is generated when accessing a web page?
This would greatly assist me in creating more accurate reports in reply to FOI Requests.
Any advice would be much appreciated.
Best regards,
John P