Is there a way to send reports or logs out from UTM 9?

The email server and credential settings should work with any server that offfers port 587 or 465 for authenticated SMTP submission.

That will allow for alarm notification (e.g. ATP events) and executive reports.   Whether the available reports show what you want is the limiting factor

What's ATP? I've seen the executive reports and they lack what I'd like to have...

Advanced Threat Protection.  It watches for devices trying to contact a known botnet control server.   You want it configured to BLOCK identified traffic.  It will also notify you (if email is configured).   It will also alarm on any attempt to do dns lookups on the .tk domain, because those destinations are expected to be high risk.

ATP is not a reporting tool, but very valuable.  

For reporting, it sounds like you will have to build your own log parsing tools.

ok that solves it - I was looking for it to alert when someone hits a blocked site from their computer inside the network...

Webfilter will block many things without alarming, based on whichever category and reputation settings you choose.  ATP catches the worst of the worst and throws red flags.  In addition to email, the dashboard page has a section that shows any ATP events.

unfortunately I need more for my network. I think I'm moving away from sophos to something like cleanrouter.com. Sounds like it may do more of what I need.

You might want to have a look at Sophos iview. That also has email reporting which you can set up. It's free (depending on your needs) and all you need is a dedicated pc or vm to run.

would be ideal if it could just plug in to my existing machine I have for UTM, also looks to need some heavier specs for the PC. Thanks for the help but I think I'm switching. Sophos seems more geared to business networks and I can't really wade through the setup of iview at this point - even though it is free. we'll see...