Hi,
I have Sophos UTM 9 and I wish to log everything that is trying to go to the internet using port 25 (SMTP). How can I do that?
startproc -qsf /usr/sbin/tcpdump -i br0 -w /spacious_dir/port25.cap "src or dst port 25"
...detaches the tcpdump process from the terminal and lets it run in the background.
You can retrieve "port25.cap" later and throw it into tcpdump or Wireshark for further analysis.
Depending on what's needed it might also be sufficient to just set a "log only" rule in the firewall for packets at port 25.
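To turn the saved capture into a list of which hosts are attempting outbound SMTP, the Python below (an added example, not part of the original posts or of any Sophos tooling) reads a classic pcap file such as the one tcpdump -w writes and counts new connection attempts to port 25 per source address. The function name and the sample packets are constructed for illustration; it assumes untagged Ethernet frames carrying IPv4.

```python
import struct
from collections import Counter

def smtp_initiators(pcap_bytes, port=25):
    """Count new TCP connection attempts (SYN without ACK) to `port`, per source IPv4."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    counts, off = Counter(), 24                      # 24-byte global header
    while off + 16 <= len(pcap_bytes):               # 16-byte per-record header
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Untagged Ethernet II carrying IPv4/TCP only; VLAN tags and IPv6 are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]    # skip IP header (IHL words)
        if len(tcp) < 14:
            continue
        dport = struct.unpack("!H", tcp[2:4])[0]
        if dport == port and tcp[13] & 0x12 == 0x02:  # SYN set, ACK clear
            counts[".".join(map(str, frame[26:30]))] += 1
    return counts

# --- Constructed sample capture (not real traffic) ---
def _frame(src, dst, sport, dport, flags):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

MAIL = (203, 0, 113, 10)
SAMPLE = _pcap([
    _frame((192, 168, 1, 50), MAIL, 40000, 25, 0x02),   # SYN
    _frame(MAIL, (192, 168, 1, 50), 25, 40000, 0x12),   # SYN/ACK reply, not counted
    _frame((192, 168, 1, 50), MAIL, 40000, 25, 0x10),   # ACK, not counted
    _frame((192, 168, 1, 50), MAIL, 40001, 25, 0x02),   # second attempt
    _frame((192, 168, 1, 77), MAIL, 51000, 25, 0x02),
])
if __name__ == "__main__":
    print(smtp_initiators(SAMPLE).most_common())
```

For a real capture, pass the file contents instead of SAMPLE, for example the bytes read from port25.cap opened in binary mode.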
I couldn't find the log only option.
I think that I sorted my issue by going to logging and reporting > network usage > bandwidth usage > top clients by service and selecting port 25.