
Enterprise Console - auditing firewall blocks

I am using the Enterprise Console 5.1. What is the best way to browse the Sophos log files for machines that I manage? Or better yet, is there a console dashboard or report that will show me details on all the blocked communication attempts on a particular machine or machines? We're just rolling out Sophos, and I want to watch my firewall events to make sure I'm only blocking what I want to block on various machines. I have found the report that shows me blocks, but it's woefully inadequate for driving further action. I just get a block time, the blocked application, and system name. I really want a direction, as well. When I'm actually on a managed system and pull up the Sophos console, it's got a nice interface to view activity/logs. Where is that on the Enterprise Console? Thanks!


This thread was automatically locked due to age.
  • I assume you mean

    Events -> Firewall Events, which brings up the "Firewall - Event Viewer" window.

    This could work on a basic level, but it's excruciatingly simplistic. For instance, I have no chance to see which system contributed an event (so no idea where to go for troubleshooting), what rule caused it to come in, and it actually still doesn't show me all the blocks that I'd like. This screen looks like it is geared for application-level events.

    The actual endpoint console's log viewer screen is excellent, and I was hoping for something like that available via the Enterprise Console.
