This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Control syslog logging one way only

Sophos UTM 9, I am forwarding logs via syslog to ELK, the problem I have is that Application Control logs are only being forwarded one way (internal > external) but not the other way around.

This becomes very clear when I create some charts to calculate the total bandwidth consumed by each application using the "length" field and so the totals are not relevant by any means.

Under the Web Protection, It's reflected accurately though so I am not sure what the source of the problem here is.

Already have an Application Control rule at the bottom to "Allow all and log".

I already checked the "Application Control" under syslog so that's not the issue.



This thread was automatically locked due to age.
Parents
  • Hello,

    With "Application Control" it's the same as "firewall Packet filter" ... you see, controll (and log) the initial packets only.

    It's not usable to calculate the total amount of data.

    Dirk

Reply
  • Hello,

    With "Application Control" it's the same as "firewall Packet filter" ... you see, controll (and log) the initial packets only.

    It's not usable to calculate the total amount of data.

    Dirk

Children
  • Thanks Dirk for your response, to me this is a bit of a surprise because with the Web Filter, I am able to use the "size" field to calculate accurately the bandwidth usage of each domain/web app.

    There is no way whatsoever to do it in Application Control it seems...