Is it possible to see the names of downloaded files, in addition to the download URLs?
Hi Janet,
Unfortunately the appliance will not output specific file names in the reports. However you can extract this information from the logs.
In order to do this you will need to output the sophos_log to a syslog server: Configuration / System / Alerts and Monitoring / Syslog tab.
Once you configure the syslog you will see packets like this:
h=192.168.5.16 u="-" s=200 X=+ t=1490976447 T=9747619 Ts=9 act=1 cat="-" app="-" rsn=- threat="-" type="application/octet-stream" ctype="application/octet-stream" sav-ev=5.35 sav-dv=2017.3.31.5350002 uri-dv=- cache=- in=324 out=12396816 meth=GET ref="-" ua="Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0" req="GET http://getfetch.com/Fetch_5.7.6.dmg HTTP/1.1" dom="getfetch.com" filetype="-" rule="0" filesize=12396549 axtime=0.079191 fttime=0.000070 scantime=0.002 src_cat="-" labs_cat="-" dcat_prox="-" target_ip="68.178.150.1" labs_rule_id="0" reqtime=0.003 adtime=0.000000 ftbypass=- os=Linux authn=0 auth_by=- dnstime=0.147943 quotatime=- sandbox=-
You would have to configure the syslog server (usually a script, or sed/awk/cut will work).
The ctype will indicate a file download.
The req string can be pulled for the address.
You could parse out the file name with a regex in the req line.
You could also grab the domain field, filesize and IP as well as the scan time if needed.
See http://wsa.sophos.com/docs/wsa/webhelp/index.html#swa/concepts/InterpretingLogFiles.html for a complete list of the log content.
This may make a good feature request. Unfortunately I cannot create it for you; however, you could post it here and link this message in the comments.
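The parsing described in the answer above, as an added example that is not part of the original thread or the vendor's own tooling: it splits a log line into its key=value fields, keeps successful requests whose ctype looks like a file, and takes the file name from the URL in req. The content-type prefix list and the assumption that quoted values contain no embedded double quotes are assumptions; the sample line is a shortened copy of the one quoted above.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: a shortened copy of the log line quoted in the post above.
SAMPLE = (
    'h=192.168.5.16 u="-" s=200 t=1490976447 ctype="application/octet-stream" '
    'meth=GET ua="Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0" '
    'req="GET http://getfetch.com/Fetch_5.7.6.dmg HTTP/1.1" dom="getfetch.com" '
    'filesize=12396549 scantime=0.002 target_ip="68.178.150.1"'
)

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
# Assumption: quoted values contain no embedded double quotes.
FIELD_RE = re.compile(r'(?<!\S)([\w-]+)=(?:"([^"]*)"|(\S*))')

# Assumption: which content types count as a "file download" is a local policy choice.
DOWNLOAD_PREFIXES = ("application/",)


def parse_fields(line):
    """Return the key=value pairs of one log line as a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def downloaded_file(line, prefixes=DOWNLOAD_PREFIXES):
    """Return a dict describing a successful file download, or None for other requests."""
    f = parse_fields(line)
    parts = f.get("req", "").split(" ")
    if f.get("s") != "200" or len(parts) != 3:
        return None
    if not f.get("ctype", "").startswith(prefixes):
        return None
    url = parts[1]
    try:
        # The name is the last path segment; the query string is not part of it.
        name = posixpath.basename(unquote(urlsplit(url).path))
    except ValueError:  # malformed URL in the request line
        return None
    # The URL is chosen by the remote site or the client, so replace control
    # characters before the name reaches a report, CSV or terminal.
    name = re.sub(r"[\x00-\x1f\x7f]", "?", name)
    if not name:
        return None
    size = f.get("filesize", "")
    return {"client": f.get("h"), "domain": f.get("dom"), "url": url,
            "filename": name, "filesize": int(size) if size.isdigit() else None,
            "target_ip": f.get("target_ip"), "scantime": f.get("scantime")}
```

The name recovered this way is the last path segment of the requested URL, which can differ from the name the browser saves the file under.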
Thanks, appreciate the detailed answer.