
Sophos UTM9 - Log everything passing through port 25

Hi,

I have Sophos UTM 9 and I wish to log everything that is trying to go to the internet using port 25 (SMTP). How can I do that?



  • I know of the command 

    tcpdump -i br0 src or dst port 25

    However, I would like it to be able to log even when I don't have the SSH session open, e.g. during the night.

  • startproc -qsf /usr/sbin/tcpdump -i br0 -w /spacious_dir/port25.cap "src or dst port 25"

    ...detaches the tcpdump process from the terminal and lets it run in the background.
    You can retrieve "port25.cap" later and throw it into tcpdump or wireshark for further analysis.

    Depending on what's needed it might also be sufficient to just set a "log only" rule in the firewall for packets at port 25.
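An added example, not part of the original replies: once "port25.cap" has been retrieved, this script lists which hosts attempted SMTP connections by counting TCP SYNs (without ACK) to port 25 per source/destination pair. It assumes the classic microsecond pcap format that `tcpdump -w` writes, an Ethernet link type and untagged IPv4; the function names and the embedded sample capture are constructed for illustration.

```python
import socket
import struct
import sys
from collections import Counter

def smtp_syn_sources(pcap, port=25):
    """Count TCP connection attempts (SYN without ACK) to `port` per (src, dst) pair."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a microsecond-resolution classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # untagged IPv4 only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:  # TCP only, header must be captured
            continue
        tcp = ip[ihl:]
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport == port and flags & 0x02 and not flags & 0x10:
            counts[(socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]))] += 1
    return counts

def _frame(src, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def sample_capture():
    """Constructed capture: two internal hosts, documentation-range destinations."""
    frames = [_frame("192.168.1.10", "203.0.113.5", 25, 0x02),    # SYN
              _frame("192.168.1.10", "203.0.113.5", 25, 0x02),    # SYN retransmit
              _frame("192.168.1.10", "203.0.113.5", 25, 0x10),    # ACK, not counted
              _frame("192.168.1.23", "198.51.100.7", 25, 0x02),   # SYN
              _frame("192.168.1.23", "198.51.100.7", 443, 0x02)]  # other port
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    for (src, dst), n in smtp_syn_sources(data).most_common():
        print(f"{src} -> {dst}:25  {n} connection attempt(s)")
```

Run it with the capture file as the only argument; with no argument it reports on the constructed sample.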
