
Application Control syslog logging one way only

Sophos UTM 9: I am forwarding logs via syslog to ELK. The problem I have is that Application Control logs are only being forwarded one way (internal > external) but not the other way around.

This becomes very clear when I create some charts to calculate the total bandwidth consumed by each application using the "length" field and so the totals are not relevant by any means.

Under Web Protection, it's reflected accurately though, so I am not sure what the source of the problem here is.

Already have an Application Control rule at the bottom to "Allow all and log".

I already checked the "Application Control" under syslog so that's not the issue.



This thread was automatically locked due to age.
  • Hello,

    With "Application Control" it's the same as "firewall Packet filter" ... you see, control (and log) the initial packets only.

    It's not usable to calculate the total amount of data.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
