This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logging recomendations

Hello forum,

I'm looking for any whitepapers/recommendations available about configuring the logging. I know the basics but some more fine tune required. As of now on one of my UTM servers are ~3.500 users connected and generates http log in size of 3.5-5.5 GB/day. Which seems to be a bit high volume and also I lost the ability of live viewing via the GUI (the free space on the /root partition is ~2.2 GB and if I try to open a log file bigger than the free space it eats up all the disk and perform a fail over to the passive node. Which is expected as the size of the log file is much bigger than the free space. I know I can use a syslog server for this, but looking for fine tune methods. Like not logging where the authentication is in skip list or so.

Or is this something more or less normal behaviour and need to focus on the syslog part?



This thread was automatically locked due to age.
  • Hi Tamas,

    You can enable/disable parts of the reporting, go to, Logging & Reporting | Reporting Settings.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I'm not familiar with the laws in your area, Tamas, but I wouldn't be surprised if your organization isn't required to keep such logs for a period of time nor whether they can contain only part of the story.  In this world of increasing regulations, my tendency would be to favor your final thought - spend some time and money on Remote Syslogging and monitoring.  With over 3K users, there should be time and money available for that.  Just my two cents worth...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA