We are evaluating Sophos UTM (Version 9.310-11) and I'm trying to come to grips with a few things, in particular web caching and log files (specifically Web Filtering Log).
For example, it states that if an object is returned from cache it will have a value of "1". However, I'm seeing values of cached="0", cached="4" and cached="8" in the web filtering log. Does anybody know the meaning of these values (I assume that "0" means that the object was returned from the Internet, not the cache) or is there a more up-to-date document outlining the fields in the various log files created by Sophos UTM?
Thank you for your prompt and very helpful reply. We currently have MS TMG 2010 (with a GFI WebMonitor plugin) as a proxy. Sophos UTM goes some way towards being a candidate as a possible replacement, but falls short in a few areas. I have seen a heated discussion on this very forum (https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22667) in relation to this topic. I will use the links you recommended to provide feedback to Sophos, hopefully they will eventually lead to some changes being made.
Quote