This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM9 - Log everything passing through port 25


I have sophos utm 9 and I wish to log everything that is trying to go to the internet using port 25 (smtp) how can I do that?

This thread was automatically locked due to age.
Parents Reply Children
  • startproc -qsf /usr/sbin/tcpdump -i br0 -w /spacious_dir/port25.cap "src or dst port 25"

    ...detaches the tcpdump process from the terminal and lets it run in the background.
    You can retrieve "port25.cap" later and throw it into tcpdump or wireshark for further analysis.

    Depending on what's needed it might also be sufficient to just set a "log only" rule in the firewall for packets at port 25.

  • I couldnt find the log only option.

    I think that I sorted my issue by going to logging and reporting > network usage > bandwidth usage> top clients by service and selecting port 25