
I cannot search on this site with the following "log comp Appliance access"

OK, when I search for the following, all kinds of things come up, 2000-4000 posts. But nothing that describes what I am seeing in my log file.

 

I have a log that shows Appliance Access. I cannot search for its meaning or what to do about it on here.

It is too generic of a term, I think.

 

I am getting Appliance access logs from different IPs, internal and external. I want to sort out what they are and drop the external ones.

 

How do I do this?

 

Regards Rick M



Edited TAGs
[edited by: emmosophos at 6:12 PM (GMT -7) on 4 Jun 2021]
  • Hey Rick,

    Would it be possible to share a screenshot of the log entries you are referring to? If possible, I can take a look for you if you enable your appliance's support access tunnel.

    Thanks,

  • I want to grant you access but when I get the internet flowing it is so slow that it gives me an intermittent .02 of a KB/s.  I don't actually think you can get in to see it.

    When I turn the DDoS rule off it speeds up a bit. I have logging off and used several DDoS rules under IPS as the article suggests.

     

    I do see that the DDoS rule is dropping traffic, and I add the filters ddos, dos, flood, and Denial of service. This actually catches more of it.

    If I give you some screenshots, what do you want to see? Those I can post.

     

    This was working about a week ago and not much has changed.     I can post several shots of my log and the rules I have set.

     

    If we get it to the point where you can take a look I would like that.

  • I also have to point out that I have a bit of a strange setup. My ISP suggested that is the problem.

    I have a modem in bridge mode. I then have a switch, which splits to the Sophos XG85 and to a Google wifi.

    The Google wifi is fast and has not glitched at all.  It gets 41mbs regularly which is quite fast.  I am writing this on that now.

     

    My ISP said that I should not have two IP addresses connecting to the Bridge but I cannot figure out another way to do it.

    I would like to have the Google wifi behind the Sophos but I will save that for another day.  

    This exact setup was working 1 week ago and quite fast on both.

     

    I have tested it with either one removed the Sophos and also with the Google Wifi.

    The Sophos box has the same problem with both on or by itself.

    When it can reach Speed test, the Sophos is showing less than .02kbps and the Google wifi is at 42mbps or so.

    I think having both on is not the problem causing this because it was working well only about a week ago.

    The flooding has increased since then.  I do not know how to measure where the problem is.

     

    Any help is useful.  Thank you Rick M

     

  • Did you find a solution to this? I have a lot of entries in the log with this issue.