
Sophos Reporting Interface - different time and modify script

I'm a newbie to the Sophos Reporting Interface. Our customer needs to generate reports from Sophos to import into another application (Splunk). First, they ask me why the times in the output log files in the Log Files folder are different from the computer's time. For example, when a user on a client opens a blocked browser, Internet Explorer, at 10/10/2014 8:49 AM, the output file 'DefaultCommonEvents' contains this:

InsertedAt=2014-10-10 01:47:20; EventID=18; EventTime=2014-10-10 01:47:18; EventTypeID=5; EventType=Application control; Name=Internet Explorer 8; ReportingName=Internet Explorer 8; UserName=DOMAIN\Administrator; ActionID=1; Action=Blocked; ScanTypeID=200; ScanType=Unknown; SubTypeID=19; SubType=; ComputerName=SOPHOSSVR; ComputerDomain=DOMAIN; ComputerIPAddress=192.168.2.14

Can anyone explain this to me?

The other thing is, how do I modify the script in SophosLogWriterConfig for the connection string?

Our script is like this:

<connectionString>Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=SOPHOS52;Data Source=192.168.2.14</connectionString>

where:

Initial Catalog = SOPHOS52, since we are using Sophos version 5.2.2

Data Source = IP address of the Sophos console

And how do I change the default Log Files directory to another drive or a network drive? With the default installation they are generated in C:\Program Files (x86)\Sophos\Reporting Interface\Log Files

Thanks to anyone for help.

The Man

  • Hi,

    The times are in UTC which probably explains the difference in times.

    If you run the log writer service on the management server it will use the connection string from the registry, so you don't need to specify it in the config, the benefit being that as SEC upgrades the log writer keeps working. If you are running it remotely then, if you have:

    <connectionString>Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=SOPHOS52;Data Source=192.168.2.14</connectionString>

    Should be correct, unless you have a SQL instance name, e.g. SOPHOS, in which case:

    <connectionString>Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=SOPHOS52;Data Source=192.168.2.14\sophos</connectionString>

    To change the output location, have a search for

    <outputLocataion>

    http://www.sophos.com/en-us/medialibrary/PDFs/documentation/srlw_51_ugeng.pdf?la=en

    Regards,

    Jak

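The UTC point in the reply above, as an added example that is not part of the original thread or of Sophos's tooling: a Python parser for the `Key=Value;` line quoted in the question, which marks the time fields as UTC and converts them to a local offset before the events are forwarded. The UTC+7 offset is an assumption inferred from the roughly seven-hour gap described in the question; the function names and the added `...Utc` / `...Local` fields are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the DefaultCommonEvents line quoted in the question.
SAMPLE = (
    "InsertedAt=2014-10-10 01:47:20; EventID=18; EventTime=2014-10-10 01:47:18; "
    "EventTypeID=5; EventType=Application control; Name=Internet Explorer 8; "
    "ReportingName=Internet Explorer 8; UserName=DOMAIN\\Administrator; "
    "ActionID=1; Action=Blocked; ScanTypeID=200; ScanType=Unknown; SubTypeID=19; "
    "SubType=; ComputerName=SOPHOSSVR; ComputerDomain=DOMAIN; "
    "ComputerIPAddress=192.168.2.14"
)

# Fields that carry timestamps in the sample line.
TIME_FIELDS = ("InsertedAt", "EventTime")
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_event(line):
    """Split one 'Key=Value; Key=Value' line into a dict of strings.

    Assumes values never contain ';' (true for the sample line).
    Empty values such as 'SubType=' are kept as empty strings.
    """
    event = {}
    for part in line.strip().split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("field without '=': %r" % part)
        event[key.strip()] = value.strip()
    return event


def to_local(event, utc_offset_hours):
    """Return a copy with explicit UTC and local-offset ISO 8601 timestamps."""
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    out = dict(event)
    for field in TIME_FIELDS:
        if field in out:
            # The log carries no zone marker; the reply says the value is UTC.
            utc = datetime.strptime(out[field], TIME_FORMAT).replace(tzinfo=timezone.utc)
            out[field + "Utc"] = utc.isoformat()
            out[field + "Local"] = utc.astimezone(local_tz).isoformat()
    return out


if __name__ == "__main__":
    print(to_local(parse_event(SAMPLE), 7)["EventTimeLocal"])
```

Keeping the explicit `+00:00` form alongside the local one lets the receiving system correlate these events with other sources without guessing the zone.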