Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1965 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console - auditing firewall blocks

Neon
I am using the Enterprise Console 5.1. What is the best way to browse the Sophos log files for machines that I manage? Or better yet, is there a console dashboard or report that will show me details on all the blocked communication attempts on a particular machine or machines? We're just rolling out Sophos, and I want to watch my firewall events to make sure I'm only blocking what I want to block on various machines. I have found the report that shows me blocks, but it's woefully inadequate for driving further action. I just get a block time, the blocked application, and system name. I really want a direction, as well. When I'm actually on a managed system and pull up the Sophos console, it's got a nice interface to view activity/logs. Where is that on the Enterprise Console? Thanks!
:29491


This thread was automatically locked due to age.
Parents
  • 0

    Hello Neon,

    correct. That the Event Viewer does not show computer and user (as other categories do) is definitely a shortcoming. SCF hasn't seen dramatic changes for quite some time, you might have noticed that it is still on the 2.x version which has been introduced with SEC 4.0 (surprisingly 1.5.4 as well as 2 are is still listed as current versions) . There's a new version in the works in conjunction with Windows 8 - I expect it will contain more features in addition to the OS support (or maybe not). They are also running out on minor numbers on the 2.x line (with the current being 2.9) thus I speculate that the next will be a 3.x (and if it's "synched" again with SEC it should be 3.2 or above :smileywink:).  

    Why not make yourself heard by submitting a feature request (supplementing your post in the forum) - it probably has more weight.

    Christian

    :29541
Reply
  • 0

    Hello Neon,

    correct. That the Event Viewer does not show computer and user (as other categories do) is definitely a shortcoming. SCF hasn't seen dramatic changes for quite some time, you might have noticed that it is still on the 2.x version which has been introduced with SEC 4.0 (surprisingly 1.5.4 as well as 2 are is still listed as current versions) . There's a new version in the works in conjunction with Windows 8 - I expect it will contain more features in addition to the OS support (or maybe not). They are also running out on minor numbers on the 2.x line (with the current being 2.9) thus I speculate that the next will be a 3.x (and if it's "synched" again with SEC it should be 3.2 or above :smileywink:).  

    Why not make yourself heard by submitting a feature request (supplementing your post in the forum) - it probably has more weight.

    Christian

    :29541
Children
No Data