
live monitoring of ping traffic

I'm coming from a Cisco ASA background and am finding the monitoring/logging on the UTM to be a bit difficult. On the ASA I could look at the syslog and see live monitoring of ALL traffic. Then filter accordingly.

The specific thing I'm looking for now is the ability to monitor pings (ICMP). Being as you have to set up ping in the firewall rules I'd think the firewall live log would be the place to look. Well I must be thinking wrong because it is showing neither successful nor non-successful ping traveling from the LAN to the WAN.

I've found that if I search the firewall log, using the search log files tab I can see ping info, but I need to see it live to perform debugging.

Can someone provide me some direction please?



  • Regarding: "I'm coming from a Cisco ASA background and am finding the monitoring/logging on the UTM to be a bit difficult. On the ASA I could look at the syslog and see live monitoring of ALL traffic. Then filter accordingly."

    You can still log UTM to syslog, just like the Cisco.  This is part of how I troubleshoot.  I never even try to use the live log anymore.  And for live monitoring of ALL traffic, like Bob mentions, tcpdump is awesome.  It does have a bit of a learning curve if you are brand new to it, but you can filter it and see as much (or as little) as you want to see, including ascii dumps of whole packets.  Dump to a file, scp it out, then open in Wireshark if you must.

    This feature is not unique to Sophos UTM by any means, but once you get used to it, using only logs for live troubleshooting seems incomplete.

     

    Edit:  syslog to Cisco.  Long day, sorry.
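    The tcpdump approach described above, as an added example that is not part of the original thread: a small Python filter that reads the output of `tcpdump -l -n icmp` and pairs each ICMP echo request with its reply, so successful and lost pings show up live as they cross the firewall. The interface name, the 2-second timeout and the sample capture lines are assumptions.

```python
import re
import sys

# Matches the ICMP echo lines tcpdump prints with -n (default HH:MM:SS.usec timestamps).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def watch(lines, timeout=2.0):
    """Yield ("answered", src, dst, seq, rtt_ms) or ("unanswered", src, dst, seq) events."""
    pending = {}                           # (src, dst, id, seq) -> time the request was seen
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # not an echo request/reply: ignore
        t = _seconds(m["ts"])
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = t
        else:                              # a reply flows dst -> src relative to its request
            sent = pending.pop((m["dst"], m["src"], ident, seq), None)
            if sent is not None:
                yield ("answered", m["dst"], m["src"], seq, round((t - sent) * 1000, 3))
        for key, sent in list(pending.items()):   # requests older than timeout are lost pings
            if t - sent > timeout:
                del pending[key]
                yield ("unanswered", key[0], key[1], key[3])
    for key in pending:                    # stream ended before a reply arrived
        yield ("unanswered", key[0], key[1], key[3])

# Constructed sample of `tcpdump -l -n icmp` output: seq 2 and 3 never get a reply.
SAMPLE = """\
10:00:00.000100 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 42, seq 1, length 64
10:00:00.012100 IP 203.0.113.5 > 192.168.1.10: ICMP echo reply, id 42, seq 1, length 64
10:00:01.000100 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 42, seq 2, length 64
10:00:02.000100 IP 192.168.1.10 > 203.0.113.9: ICMP echo request, id 42, seq 3, length 64
10:00:04.500000 IP 192.168.1.10 > 203.0.113.5: ICMP echo request, id 42, seq 4, length 64
10:00:04.511000 IP 203.0.113.5 > 192.168.1.10: ICMP echo reply, id 42, seq 4, length 64
""".splitlines()

if __name__ == "__main__":                 # e.g. tcpdump -l -n -i eth1 icmp | python3 pingwatch.py
    for event in watch(sys.stdin):
        print(*event, flush=True)
```

    The `-l` flag makes tcpdump line-buffer its output, which is what keeps the pipe live instead of arriving in 4 KB bursts.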

  • Thanks Darrellr. I know Bob has mentioned it plenty of times on here too, so thanks there too Bob.

    I actually gave it a shot tonight (tcpdump) and I am quite warming to it. It's very responsive and gives you the info you need and the syntax isn't too bad once you have a few shots of it. I'll endeavor to use it from now on.

  • Years ago, Jack Daniel, one of the original Astaro gurus, suggested:

    A Tcpdump Tutorial and Primer | danielmiessler.com
    http://danielmiessler.com/study/tcpdump/

    I started with that, but now if I have a specific thing I haven't done before, Google finds it faster than I can work through Miessler's excellent piece.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA