Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 10 subscribers
  • Views 5788 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central Web History

Darth_Boss

Is Sophos Central capable of collecting and reporting detailed user or computer web activity?  Not just blocked sites or policy violations, but all websites visited in a specified time or date range?  Thanks.

 

  



This thread was automatically locked due to age.
  • 0

    Hello  

    For Sophos Central Endpoint, the events Report in Central would only list policy violations.

  • 0

    You can log it at the client (%ProgramData%\Sophos\Web Intelligence\Logs\) with a registry key addition but for centralised I think you'd need to use XG/UTM.

    Would at the client help you at all?

    Jak

  • 0 in reply to jak

    Jak,

    This would definitely come in handy for certain situations, would you mind sharing the pertinent registry key or point me at some documentation?

    The violation only logging has been a problem for us after conversion from Central from SEC\SWA which was a great platform and hard to lose... 

     

    TIA!

  • +1 in reply to ISRyanB

    To enable local logging, under:

    64-bit:
    HKLM\SOFTWARE\WOW6432Node\Sophos\Web Intelligence\

    32-bit:
    HKLM\SOFTWARE\Sophos\Web Intelligence\

    ...so you need to disable Tamper first, you can create a few DWORD values:

    • DecisionLogChannels
    • DecisionLogMaxBytes
    • DecisionLogMaxDays

    The last 2 are optional if you're happy with the current retention but to log all traffic, DecisionLogChannels can be set to 15 decimal.

    The log file is tab separated and the swi_service.exe will pick up the new keys automatically in a few seconds.

    Regards,

    Jak

  • 0 in reply to jak

    Thanks much!  I appreciate it!

Unfiltered HTML