Management, Networking, Logging and Reporting Sophos UTM9 - Log everything passing through port 25

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 3 subscribers
Views 1599 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM9 - Log everything passing through port 25

Sophos User3521 over 1 year ago

Hi,

I have sophos utm 9 and I wish to log everything that is trying to go to the internet using port 25 (smtp) how can I do that?

This thread was automatically locked due to age.

Parents

0 Sophos User3521 over 1 year ago

I know of the command

tcpdump -i br0 src or dst port 25

However I would like it to be able to log even when I dont have the ssh session open for during the night etc.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Sophos User3521 over 1 year ago

I know of the command

tcpdump -i br0 src or dst port 25

However I would like it to be able to log even when I dont have the ssh session open for during the night etc.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Alan Brand over 1 year ago in reply to Sophos User3521

startproc -qsf /usr/sbin/tcpdump -i br0 -w /spacious_dir/port25.cap "src or dst port 25"

...detaches the tcpdump process from the terminal and lets it run in the background.
You can retrieve "port25.cap" later and throw it into tcpdump or wireshark for further analysis.

Depending on what's needed it might also be sufficient to just set a "log only" rule in the firewall for packets at port 25.
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User3521 over 1 year ago in reply to Alan Brand

I couldnt find the log only option.

I think that I sorted my issue by going to logging and reporting > network usage > bandwidth usage> top clients by service and selecting port 25
Cancel
Vote Up 0 Vote Down

Cancel