
Overview of Country Blocking blocked sites

As Sophos Country Blocking (in the firewall section) is processed at the very beginning of the process, it will affect many logs. As we have freshly activated Country Blocking, it's very difficult to see the impact without looking at every log, like Firewall, Web Protection, IPS etc.

Is there a way to see the effect of the Country Blocking in a central or condensed log?



  • Having spent the last 3 years learning how to parse the log files into structured data, the answer is definitely No. Some logs have only UTM event summary data, some have a mixture of UTM summary data and raw output from the underlying component. Some log records flow over into a continuation line. Once the data is structured, the information captured in each log is significantly different. A brief introduction to my parsing method is posted at the top of the Management and Reporting sub-forum.

    Things to know:

    Before 9.510, there were some problems with inconsistent country blocking, both missing country codes and changing country codes. There was a related problem that web exceptions to Country Blocking had to be implemented as a web exception to "bypass url checking", because Country Blocking Exceptions did not work for web stuff. 9.510 has a fix; I believe it addresses all of these symptoms, but I have not upgraded yet.

    How to implement Country Blocking exceptions:

    • If the excepted device is in the Internet, the Country list for a Country Blocking Exception must be empty. Resist the urge to include all countries, as it will not work.
    • If the excepted device is Internal, the Country list for a Country Blocking Exception must not be blank.

    This rule is actually in the help file, but the wording is harder to follow.

  • After further consideration, I realize that your specific question is easier than analyzing all logs.

    Country blocking appears in only two places:

    • Firewall log, id="2021" name="Packet dropped (GEOIP)"
    • Web Filter, id="0067" name="web request blocked, connection to forbidden country"

    The "Rulz" post explains the processing flow, and is essential reading. Country Blocking occurs early in the process.

    community.sophos.com/.../rulz
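The condensed view the question asks for can be built from just those two record ids. The following is an added example (not code from the thread or from Sophos): it parses the key="value" pairs that UTM log lines use, keeps only id 2021 and id 0067, and counts them per event type and per source/destination pair. The sample lines are constructed; only the two ids and their name values come from the post, and the srcip/dstip field names are assumed.

```python
import re
from collections import Counter

# Regex for the key="value" pairs used throughout Sophos UTM log lines.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# The only two record types in which Country Blocking appears (per the post above).
GEOIP_EVENTS = {
    "2021": "firewall/GEOIP drop",
    "0067": "web filter/forbidden country",
}

def parse_utm_line(line):
    """Return the key="value" pairs of one UTM log line as a dict (empty if none)."""
    return dict(KV_RE.findall(line))

def is_country_block(rec):
    """True when the parsed record carries one of the two Country Blocking ids."""
    return rec.get("id") in GEOIP_EVENTS

def summarize(lines):
    """Condense Country Blocking events from mixed firewall/web filter lines
    into counts per event type and per (srcip, dstip) pair."""
    by_event = Counter()
    by_flow = Counter()
    for line in lines:
        rec = parse_utm_line(line)
        if not is_country_block(rec):
            continue
        by_event[GEOIP_EVENTS[rec["id"]]] += 1
        by_flow[(rec.get("srcip", "?"), rec.get("dstip", "?"))] += 1
    return by_event, by_flow

# Constructed sample lines in the UTM key="value" style (documentation IP ranges);
# field names other than id/name are assumptions, not taken from the thread.
SAMPLE_LOG = [
    '2019:03:01-10:00:01 utm ulogd[2310]: id="2021" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" srcip="203.0.113.5" dstip="192.0.2.10" dstport="443"',
    '2019:03:01-10:00:02 utm ulogd[2310]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" srcip="198.51.100.7" dstip="192.0.2.10" dstport="22"',
    '2019:03:01-10:00:03 utm httpproxy[4012]: id="0067" severity="info" sys="SecureWeb" sub="http" name="web request blocked, connection to forbidden country" action="block" srcip="192.0.2.20" dstip="203.0.113.9" url="http://example.com/"',
    '2019:03:01-10:00:04 utm ulogd[2310]: id="2021" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (GEOIP)" action="drop" srcip="203.0.113.5" dstip="192.0.2.10" dstport="80"',
]

if __name__ == "__main__":
    events, flows = summarize(SAMPLE_LOG)
    for name, n in events.most_common():
        print(f"{n:5d}  {name}")
    for (src, dst), n in flows.most_common():
        print(f"{n:5d}  {src} -> {dst}")
```

Feed it the concatenated firewall and web filter logs (for example via `summarize(open(path))`) to get the single condensed count the question asks about.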

