
UTM Web Log Search - Output too large

SG330 | Firmware 9.352-6


I need to pull all the users who connected to a specific website for a custom time frame.  This site is not a general use site like google.com, so we shall call it foo.org.

I went to Logging & Reporting > View Log Files > Search Log Files > Web Filtering > URL = foo.org, Select time frame 01 DEC 2015 to 21 DEC 2015.

When the pop-up window opens, the log file is so large that it crashes both Chrome and Firefox; in IE the log file fills and finally the UTM times out and logs me out of the device.

I reached out to my VAR and our Sophos rep, but until I buy another 8 hour block of time, they won't help me.  I really don't want to have to go the GREP route in the CLI to get this data.  Isn't there a way to export the output of large log files into a CSV (or similar) format so I can parse with an external tool?



  • Unfortunately log files can't be downloaded as anything but compressed text files.

    If you go to [Logging & Reporting] >> [View Log Files] >> [Archived Log Files]

    Select the [Web Filtering] subsystem

    Set Year to 2015 and Month to December

    Check the days you want to download the logs for

    At the bottom of the list select Action for selected items: [Download as archive file]
  • This device is being used in a School District for content filtering (CIPA) and for the usual firewall/VPN functionality.

    How would I get a report to an administrator that would show which users or IP addresses went to foo.org in the time frame specified?
  • Hi Dan.

    Logging & Reporting > Web Protection > Web Usage Report
    Select time frame (by date)
    Select Sites from Available Reports
    Click on the entry for foo.org
    From the available Reporting Direction (filter) choose Select this view for Users
    Choose Export as CSV at the upper right.

    This won't give you time, but will tell who visited the site. This is the closest you are going to get on the UTM itself. If you need something with time stamps, you'll need to grab the raw text log files off of the UTM and create your own means (scripting) of parsing and displaying exactly what you need.

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • EDIT: I should check for replies more often.  Scott covered my next suggestion.
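One way to do the scripted parsing of the raw web filtering logs suggested above, as an added example that is not from any poster in this thread or from Sophos. It assumes each line starts with a `YYYY:MM:DD-HH:MM:SS` timestamp followed by `key="value"` fields named `user`, `srcip` and `url`; check that against a real line from your archive. The sample lines are constructed.

```python
import csv
import io
import re
from datetime import datetime
from urllib.parse import urlsplit

# Assumed layout: 'YYYY:MM:DD-HH:MM:SS host httpproxy[pid]: key="value" ...'
PAIR = re.compile(r'(\w+)="([^"]*)"')
STAMP = "%Y:%m:%d-%H:%M:%S"

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = '''\
2015:12:01-08:15:02 utm httpproxy[4321]: id="0001" name="http access" action="pass" srcip="10.1.2.3" user="jdoe" url="http://foo.org/index.html"
2015:12:03-09:00:41 utm httpproxy[4321]: id="0001" name="http access" action="pass" srcip="10.1.2.9" user="" url="https://www.foo.org/a?b=1"
2015:12:04-10:30:00 utm httpproxy[4321]: id="0001" name="http access" action="pass" srcip="10.1.2.7" user="asmith" url="http://notfoo.org/"
2015:12:05-11:00:00 utm httpproxy[4321]: id="0001" name="http access" action="pass" srcip="10.1.2.7" user="asmith" url="http://example.com/?ref=foo.org"
2015:12:25-12:00:00 utm httpproxy[4321]: id="0001" name="http access" action="pass" srcip="10.1.2.3" user="jdoe" url="http://foo.org/"
truncated line without fields
'''

def visits(lines, domain, start, end):
    """Yield (time, user, srcip, url) for requests to domain or its subdomains."""
    domain = domain.lower()
    for line in lines:
        try:
            when = datetime.strptime(line[:19], STAMP)
            fields = dict(PAIR.findall(line))
            host = (urlsplit(fields.get("url", "")).hostname or "").lower()
        except ValueError:
            continue  # no leading timestamp, or a URL that does not parse
        # Compare the parsed host: a substring match on the whole line would
        # also count notfoo.org and any URL that mentions foo.org in its query.
        on_site = host == domain or host.endswith("." + domain)
        if on_site and start <= when <= end:
            yield (when.isoformat(sep=" "), fields.get("user") or "-",
                   fields.get("srcip", "-"), fields["url"])

def to_csv(rows):
    """Render the rows as CSV text with a header line."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["time", "user", "srcip", "url"])
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    hits = visits(SAMPLE_LOG.splitlines(), "foo.org",
                  datetime(2015, 12, 1), datetime(2015, 12, 21, 23, 59, 59))
    print(to_csv(hits), end="")
```

If the downloaded daily files are gzip-compressed, pass `gzip.open(path, "rt", errors="replace")` as `lines`; the function reads one line at a time, so file size is not a problem.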