
how to find out which warning is holding up

Does anybody know in this community how we can see which warning is applicable for a user?


We see in the reports that a user is getting a warned message, but this warning screen is not presented to the user, so he cannot give us a screenshot, for example.


Is there another way in the Sophos Management appliance where we can look back and see which warning was applicable to the user?


  • Have you tried looking under 'Search' in the Recent Activity Search - you can search by user and status to see what specific pages a user has seen a warning for. However, because the recent activity search filters out some requests like images or other page 'furniture' you may find that not all the warnings are shown there. This is available in the Management Appliance and in a standalone Web Appliance.

    Other options to see more detail would be to use the log backup feature to write the detailed logs nightly to an FTP location, or use syslog to write logs in real-time to a syslog server.

  • The search/Recent Activity Search does not give me the information I need.


    The log file which is nightly FTP-ed to another location only gives HTTP codes and not reasons why a destination or download type is warned/blocked with the corresponding policy/item in the configuration.

    We will try and see if the syslog will give us more information than the log backup feature.

    At least it is nice to have some realtime logging because the logging of the management appliance is delayed up to 8 or 10 minutes!!

  • You might find the information on this page useful. Look for act=-2 in log lines for details of transactions where a Warning was generated.

    The Policy Test feature may also be helpful once you know what URLs are actually being warned.
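
Added example, not part of the original thread and not Sophos code: once the detailed logs reach a syslog server or the FTP backup, a filter like this lists which user was warned for which URL by matching `act=-2` exactly. Only `act=-2` comes from the thread; the field names `h`, `u`, `s` and `url` and the sample lines are constructed assumptions, so adjust the keys to the real log layout.

```python
import re
from collections import Counter

# Constructed sample lines. Only act=-2 comes from the thread; the other
# field names (h, u, s, url) and the overall layout are assumptions.
SAMPLE_LOG = '''\
h=10.0.0.5 u="jdoe" s=200 act=1 url="http://intranet.example/home"
h=10.0.0.5 u="jdoe" s=403 act=-2 url="http://files.example/tool.exe"
h=10.0.0.9 u="asmith" s=403 act=-2 url="http://games.example/"
h=10.0.0.5 u="jdoe" s=403 act=-2 url="http://files.example/tool.exe"
this line is truncated and has no fields
h=10.0.0.9 u="asmith" s=200 act=-20 url="http://news.example/a=b"
'''

# key=value, where the value is "quoted" (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_fields(line):
    """Split one log line into a dict; the first occurrence of a key wins."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields.setdefault(key, value)
    return fields

def warned_requests(log_text, user=None, user_key="u", url_key="url"):
    """Count (user, url) pairs for transactions whose act field is exactly -2."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_fields(line)
        # Compare the parsed value, so act=-20 or "act=-2" inside a URL
        # is not counted the way a plain substring search would count it.
        if fields.get("act") != "-2":
            continue
        if user is not None and fields.get(user_key) != user:
            continue
        hits[(fields.get(user_key, "-"), fields.get(url_key, "-"))] += 1
    return hits

if __name__ == "__main__":
    for (who, url), count in warned_requests(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {who:10s} {url}")
```

The URLs it reports can then be fed into the Policy Test feature mentioned above.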