Hi,
Is it possible to get the results of reports using the SNMP protocol or API?
I searched the documentation a lot, but found no items.
I don't get your question, sorry.
You can use third-party tools to fetch some firewall performance data via SNMP or API. If those third-party tools provide the capability of merging that data into graphs and putting those graphs into a PDF, this is probably what you want. This all has to be done manually. You may search for tools like Nagios, Zabbix, Paessler PRTG, etc.
Hi,
I already use Zabbix to monitor Sophos XG, but via SNMP I don't get some information.
My intention is to get information like in this image: security information, applications blocked, websites blocked, etc.
I think it's not possible using SNMP; maybe using the API I can get more information about the firewall.
I would like this too, because the only scheduled reports I can get from the GUI are PDF. (Read: scheduled).
The PDFs are way too cumbersome to look through each day. I'd much rather have a quick view of charts or HTML within the body of the email.
I looked at the API Helper, which you can find in some posts. The 2016 version. It shows you an interface similar to the SF OS, but when you click on things, it shows you the API commands you can use for that area. Unfortunately, Reports is NOT one of the areas shown, at least in the 2016 version of API Helper. Maybe there is a newer one somewhere.
If I'm not mistaken, XG uses the internal logs to generate reports. My assumption is that opening "real-time" API access to reports has the potential to clog XG down with analytics aggregations when it should be doing other firewall related things. If anyone can confirm or deny this, I would appreciate it.
Anyway, it would seem the best (subjective) way to get external reporting/analytics from XG would be to pump the logs to a downstream aggregation server and report from there.
My 2 cents though.
You can create such reports in a third-party tool when sending syslog to that tool. Of course the third-party tool needs to support reporting like this.
I'd suggest you take a look at Graylog (open source, free) and Splunk.
HuberChristian said: ... I'd suggest you take a look at Graylog (open source, free) ...
Have you used Graylog? There does not seem to be an extractor for XG and I'm wondering if you perhaps created one you would like to share?
Does it provide reports embedded into the email body? Or can it attach a scheduled HTML report? I looked into it recently but didn't see much difference between iView and the latest onboard XG reporting. The only benefit I see from it is longer retention and not bogging down the machine. Maybe some extra reports but no improvement in delivery, am I correct?
Others have mentioned Graylog, but don't forget to calculate hardware costs, upkeep, etc. Also, Graylog is not known for great reporting or charts, mostly raw logs from what I hear. Correct me if I'm wrong.
I once started to create one but stopped because of lack of time. It's one of my projects to do so... I'll keep you posted if I get one.
apalm123 said: Others have mentioned Graylog, but don't forget to calculate hardware costs, upkeep, etc. Also, Graylog is not known for great reporting or charts, mostly raw logs from what I hear. Correct me if I'm wrong.
This hardly depends on the Extractor, whether you are going to parse the Message, and from there on you can create reports on the parsed fields.
I finally got around to playing with Graylog. Seems to work well and I've documented my XG Pipeline in case anyone is interested.
https://marketplace.graylog.org/addons/a9b31dbd-9d26-4aba-9cf0-f0ae55209869
Unfortunately, I haven't had much chance to build reports from the raw data yet so I don't have anything to show in that regard. From a quick-and-dirty analytics perspective, graylog does have some easy to use charting and graphing capabilities. The dashboarding options don't seem half bad either, and I bet you could re-create most, if not all, of the native XG reports right in graylog itself. It even has mapping capabilities so you can incorporate geolocation data (also plug-and-play with graylog) into your reports. But, to be honest, I'll probably use a different reporting platform when it comes time for that. Since graylog makes easy work of stuffing everything into an elasticsearch database, the options are endless.
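The approach this thread converges on (ship the firewall's syslog to a downstream server, parse each message into fields, then report on those fields) is sketched below as an added example; it is not code from any poster, from Sophos or from Graylog. The log lines are constructed, and the field names (log_type, status, domain, application) are assumptions for illustration, not the documented XG log format.

```python
import html
import re
from collections import Counter

# Constructed sample lines in key=value syslog style. The field names
# (log_type, status, domain, application) are assumptions for illustration.
SAMPLE_LOGS = [
    'log_type="Content Filtering" status="denied" domain="ads.example.net" src_ip=10.0.0.5',
    'log_type="Content Filtering" status="denied" domain="ads.example.net" src_ip=10.0.0.9',
    'log_type="Content Filtering" status="allowed" domain="intranet.example.org" src_ip=10.0.0.5',
    'log_type="Content Filtering" status="denied" domain="<b>x</b>.example.com" src_ip=10.0.0.7',
    'log_type="Application Filter" status="denied" application="Example P2P" src_ip=10.0.0.9',
    'truncated line without any pairs',
]

# Matches key="quoted value" or key=bare_value
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Split one log line into a dict; quoted values may contain spaces."""
    fields = {}
    for match in PAIR_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def top_blocked(lines, log_type, field, limit=5):
    """Count denied events of one log type, grouped by the given field."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        if event.get("log_type") != log_type or event.get("status") != "denied":
            continue
        if event.get(field):
            counts[event[field]] += 1
    return counts.most_common(limit)


def html_table(title, rows):
    """Render rows as an HTML table for a mail body. Log values are
    attacker-influenced (hostnames, app names), so every cell is escaped."""
    body = "".join(
        f"<tr><td>{html.escape(name)}</td><td>{count}</td></tr>" for name, count in rows
    )
    return f"<h3>{html.escape(title)}</h3><table>{body}</table>"


if __name__ == "__main__":
    sites = top_blocked(SAMPLE_LOGS, "Content Filtering", "domain")
    print(html_table("Websites blocked", sites))
```

Because the aggregation runs on the log receiver, the firewall itself does no extra reporting work, which is the concern raised earlier in the thread.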