This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Log or monitoring

Hi,
I really like my sophos utm, but I would like to see the traffic and what traffic is blocked and which passes the firewall.

I couldn't find anything where I can analyse or monitor this.
I just found the "Live Log: Firewal" and sorry this is really bad.
I can see nothing. I see just the Default drop of some high ports
and my Webadmin Connection (see Screenshot).
But I can't see things like Web, ICMP, Spotify traffic and so on which is running at the moment. And how can I do a good filtering in this log for example a special TCP port to a special IP?

Is there any good solution to have a good overview and a good method to see and analyze the traffic and the rules if they match or not?

Or do I have any config issue that I can't see anything in the log ?

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi,

1. do you have any logging enabled on your Allow rules?
If not, allowed traffic won't show in the logs.
However, logging all traffic will cause the logs to be much larger, so you might want to only turn it on temporarily.

2. are you using the HTTP Proxy (Web Protection)?
If so, you should also look at it's log.

There is a Filter box on the live log where you can enter an IP.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi,

1. do you have any logging enabled on your Allow rules?
If not, allowed traffic won't show in the logs.
However, logging all traffic will cause the logs to be much larger, so you might want to only turn it on temporarily.

2. are you using the HTTP Proxy (Web Protection)?
If so, you should also look at it's log.

There is a Filter box on the live log where you can enter an IP.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data