
How to log only denied traffic in web filtering?

I've switched over from UTM 9.5 to Sophos XG SFOS 17.0.6 MR-6 to test it out since I had a spare PC lying around that has a dual-core Celeron G1840 CPU, 4 GB RAM and two Intel EXPI9301CTBLK NICs.

After many hours of configuring I can say with 90% certainty that things are working better than expected, considering the negativity about the XG compared to the UTM.

The issue I am having is the firewall is logging all web traffic, even allowed traffic. I can't find any setting to only log blocked/denied traffic. I do not need to log every site that is allowed, only what is blocked for troubleshooting.

This thread was automatically locked due to age.
  • Hi,

    Try this report to see if it is what you require. I realise this is a report, but to my knowledge you either log or do not log in XG.

    Ian

  • I can also see the denied traffic if I filter the logs to show only denied traffic. However, logging everything really is unnecessary unless it was for forensics.
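    The same "filter to denied only" view can be reproduced offline on exported syslog lines, which is handy when the GUI filter is not enough for troubleshooting. The script below is an added example written for this thread, not code from Sophos or from any poster. It assumes XG's key="value" syslog layout with `log_type="Content Filtering"` and `log_subtype="Denied"` marking blocked web requests; the sample lines are constructed, and any field name or value not visible in your own logs should be treated as an assumption.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample lines in the key="value" style of Sophos XG syslog.
# Field names (log_type, log_subtype, url, category, ...) are assumed from
# XG's Content Filtering log format; every value here is made up.
SAMPLE_LOG = """\
device="SFW" date=2018-06-01 time=10:15:02 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" status="" fw_rule_id=2 user_name="" src_ip=192.168.2.50 dst_ip=203.0.113.10 url="http://example.com/" category="Information Technology"
device="SFW" date=2018-06-01 time=10:15:07 log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" status="" fw_rule_id=2 user_name="" src_ip=192.168.2.50 dst_ip=203.0.113.20 url="http://ads.example.net/track?id=1" category="Advertisements"
device="SFW" date=2018-06-01 time=10:15:09 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" fw_rule_id=2 src_ip=192.168.2.50 dst_ip=203.0.113.30
device="SFW" date=2018-06-01 time=10:15:11 log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" status="" fw_rule_id=2 user_name="" src_ip=192.168.2.51 dst_ip=203.0.113.40 url="https://malware.example.org/x" category="Malware"
"""

# key=value where the value is either a double-quoted string (which may
# contain spaces or '=', e.g. a URL query string) or a run of non-space chars.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Parse one key=value / key="value" log line into a dict of fields."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        # quoted is "" (not None) for an empty status="" field, so test for None
        fields[key] = quoted if quoted is not None else bare
    return fields


def denied_web_events(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Keep only web-filter events that the firewall blocked.

    Plain firewall-rule events and allowed web requests are dropped, which is
    the view the poster wanted: blocked traffic only, for troubleshooting.
    """
    out: List[Dict[str, str]] = []
    for line in lines:
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("log_type") == "Content Filtering" and f.get("log_subtype") == "Denied":
            out.append(f)
    return out


def denied_by_category(lines: Iterable[str]) -> Dict[str, int]:
    """Count blocked web requests per web-filter category."""
    counts: Dict[str, int] = {}
    for f in denied_web_events(lines):
        cat = f.get("category", "unknown")
        counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    # Example usage: run over the constructed sample; replace SAMPLE_LOG with
    # the contents of an exported syslog file for real data.
    for ev in denied_web_events(SAMPLE_LOG.splitlines()):
        print(f'{ev["date"]} {ev["time"]} {ev["src_ip"]} -> {ev["url"]} [{ev["category"]}]')
    print(denied_by_category(SAMPLE_LOG.splitlines()))
```

    Keeping the full log on the box and filtering on the collector side is also the safer default: the allowed events this thread calls noise are exactly what a later incident review needs, so the filter belongs in the reporting step rather than in what gets written.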

  • Hi Alan,

    It also depends on what you want in your daily reports. If you don't care about daily reports, then I suggest you create a feature request asking for the ability to log blocked traffic only and then post the link on the forum for others to support.

    Ian

  • XG does log blocked packets, you just can't prevent it from logging accepted packets along with them. But that's the least of our problems; XG doesn't even have separate logs for remote access or site-to-site, or even wireless protection. It's so bad that users have to log into the console using SSH just to see logs (like SSL VPN and wireless client connections) that are not accessible from the web interface. The protection features are nice to have, but the logs are the straw that breaks the camel's back.


  • I didn't quite explain myself: you should create a feature request that allows for logging of dropped/blocked packets only. There is lots of data from logs available in the GUI, but you need to search in just about every main tab to find what you want.

    Don't get me wrong, I think that reporting, along with a lot of other features, is missing. I have posted a detailed list of what I see as wrong as a home user in another thread.

    Have you explored the current activities tab?

    For the wireless users, it depends on what you are after: simple connected device lists in the wireless tab, or filtering on an IP address from a wifi-connected device in the live connections tab within current activities.

    Ian

  • XG was nice to try, but I really don't think it's geared toward home users. Setting things up is very tedious (and I thought UTM was hard, but the UTM is child's play in comparison).

    The thing I dislike the most about the XG is that it's one step away from being trialware (having trial periods for both Sophos Central for Heartbeat and Sophos Home Premium makes it fall under the category of trialware in my opinion).

    I went back to using the UTM since it offers all the things I need, it's easy to configure, and it does not entice you to sign up for any free trials. The greatest benefit of the XG is the automatic default firewall policy that lets you have internet access right out of the box, unlike the UTM. However, I scratch my head and wonder why Sophos XG defaults to 172.16.16.16 when most home users with existing firewalls/wireless routers are almost certainly on a 192.168.2.1 network.

    I hope that maybe by the time XG version 18 is released the GUI has a major overhaul for the sake of those who don't need tons of users/groups and 50 different web filtering policy templates.

  • Hi Alan,

    I have a UTM in front of my XG so that I can manage the IPv6 configuration. XG has some nice features, but is missing so many serious items.

    The XG needs internet access straight out of the build process, otherwise you can't register it, and it is a temporary solution, not very secure in my opinion.

    Ian