Sophos UTM Home v9.703-3
I'm trying to find the equivalent log viewer to Watchguard's Traffic Monitor. For those unfamiliar, the TM simply shows all traffic flowing through the device and can be filtered on any string. It's really useful for troubleshooting but I can't find an equivalent on the Sophos UTM, does anyone know if there's an equivalent?
Bit of background; I have a 'smart' alarm system and when I configure the UTM to use cloudflare's 126.96.36.199 DNS servers it seems to be unable to connect to wherever it needs to connect to. If I set a DHCP option 6 for that host and assign Google DNS, it all works as expected. What I want to do is watch the traffic flowing out of the host to see what URL/IP's it's trying to connect to so I can check if Cloudflare is resolving it. I've tried setting up a firewall rule Source:Alarm Hub, Dest: ANY, Service: ANY, Action: Allow, Log Traffic: Ticked, and although I can see a DNS request passing through the firewall I don't see any other traffic coming from this host.
In Watchguard world, I'd open the traffic monitor and filter on the IP address of the alarm, and I'd be able to see every request passing through the firewall. I just want raw traffic logs. Can anyone throw some light on how to achieve this?
Thank you for contacting the Sophos Community.
The /log/packetfilter.log should provide you with this traffic information.
Please SSH to the UTM by following this KB so you are able to find the log I mentioned above.
Once authenticated please type
Then you could filter the log by running
tail -f /log/packetfilter.log | grep "x.x.x.x" (x.x.x.x = IP of the Alarm hub)