This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Search Log Files Query

Hi all,

We are running 2 X SG450 Appliances (Active Passive), Firmware Version 9.405-5.

I'm attempting to gain a better understanding of results output by the Logging & Reporting > View Log Files > Search Log Files facility, in particular the output from a query against the Web Filtering Log.

Among the options available is one called 'Only Display Page Requests'. Could someone please explain exactly what this option means? I ran a query using the exact same parameters with this option selected and again with the option de-selected.

When the option is not selected I get many more results than when it is selected and I'm curious as to why there is a difference.

Many thanks for your time and assistance.

Best regards,

John P

This thread was automatically locked due to age.

0 BAlfson over 8 years ago

Interesting question, John. That's not documented that I can see. My guess is that it just pulls lines with method="GET" from the file. Does that comport with what you experienced?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 isoffice over 8 years ago in reply to BAlfson

Hi Bob,

Thank you for the input. I did another test and found that there are lines with GET, POST, CONNECT and OPTIONS in both logs. I cannot see any reason or pattern explaining why some lines are dropped when the 'Only Display Page Requests' option is selected. I guess it'll remain a mystery for the time being.

Many thanks for your assistance.

Best regards,

John

2 x SG450 (Version 9.714-4)

HA = Active-Passive
Cancel
Vote Up 0 Vote Down

Cancel