This discussion has been locked.

UTM Web Log Search - Output too large

SG330 | Firmware 9.352-6


I need to pull all the users who connected to a specific website for a custom time frame.  This site is not a general use site like google.com, so we shall call it foo.org.

I went to Logging & Reporting > View Log Files > Search Log Files > Web Filtering > URL = foo.org, Select time frame 01 DEC 2015 to 21 DEC 2015.

When the pop-up window opens, the log file is so large that it crashes both Chrome and Firefox. In IE, the log file fills and finally the UTM times out and logs me out of the device.

I reached out to my VAR and our Sophos rep, but until I buy another 8 hour block of time, they won't help me.  I really don't want to have to go the GREP route in the CLI to get this data.  Isn't there a way to export the output of large log files into a CSV (or similar) format so I can parse with an external tool?



  • Hi Dan.

    Logging & Reporting > Web Protection > Web Usage Report
    Select time frame (by date)
    Select Sites from Available Reports
    Click on the entry for foo.org
    From the available Reporting Direction (filter) choose Select this view for Users
    Choose Export as CSV at the upper right.

    This won't give you time, but will tell who visited the site. This is the closest you are going to get on the UTM itself. If you need something with time stamps, you'll need to grab the raw text log files off of the UTM and create your own means (scripting) of parsing and displaying exactly what you need.

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1