
How to send all log entries to me via email

I recently migrated from SonicWall to Sophos XG, and we are required to keep records of all Firewall logs. My old SonicWall would email me several times a day, whenever the logs got full, and I could keep the emails in perpetuity to scan through as needed. How do I get my new Sophos to do the same? I want a simple, line-by-line list of all activity, including every single network attempt, success and failure that it sees, emailed to me so I can keep it forever if I want to. I don't need a pretty HTML report, with graphs and analysis, just the list of activity. The email setup is already working, but I can't figure out how to get it to send me all log entries.



This thread was automatically locked due to age.
  • Ouch... wouldn't take much to reverse-engineer a network (or part of it) from firewall logs...

    Public IP-addresses are considered PII in many jurisdictions (including some in the USA), so sending firewall logs via e-mail would probably run afoul of any data protection or privacy laws. Not to mention that XG logs could easily include URLs.

    GDPR isn't the law in the USA - yet. It's probably coming, and then you'd have to clean up everything that contains PII - even historical data.

    Even without any legal or security requirements (e.g. PCI-DSS), sending logs via e-mail would be a very bad security practice. The main reason for implementing a firewall is security. Don't water it down...

  • OK, is this case possible?

    I want to export my firewall log from Log Viewer, e.g. 4000 entries, because my manager wants the bare data and he wants to work with it in Excel. The simple export isn't enough because there are only a few entries that I can see.

    Or is there even a way to know what the destination port is in a report? The only data that I need for my manager are source IP, dest. IP, and source & dest. port with protocol info.

  • Have you considered setting up an external syslog server? That would give you full control over the format, allow easy mining, reporting, alerting, etc.
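
A sketch of the syslog route suggested above, added here as an example and not taken from any poster's reply or from Sophos's own tooling: it turns key=value firewall syslog lines into a CSV with the source/destination IP, port and protocol columns asked for earlier in the thread. The sample lines are constructed, and the field names (`src_ip`, `dst_ip`, `src_port`, `dst_port`, `protocol`) are assumptions to adjust to what the firewall actually sends.

```python
import csv
import io
import re

# Constructed sample lines in a key=value syslog layout. The field names
# are assumptions; edit FIELDS to match what your firewall really emits.
SAMPLE = '''\
<30>device="SFW" date=2024-01-15 time=10:02:11 log_type="Firewall" status="Allow" src_ip=192.0.2.10 dst_ip=198.51.100.7 protocol="TCP" src_port=51544 dst_port=443
<30>device="SFW" date=2024-01-15 time=10:02:12 log_type="Firewall" status="Deny" src_ip=192.0.2.11 dst_ip=198.51.100.9 protocol="UDP" src_port=5353 dst_port=53
<30>device="SFW" date=2024-01-15 time=10:02:13 log_type="Firewall" status="Deny" src_ip=192.0.2.12 dst_ip=198.51.100.9 protocol="ICMP" message="echo request, no ports"
'''

FIELDS = ["date", "time", "status", "src_ip", "src_port", "dst_ip", "dst_port", "protocol"]

# key=value where the value is either "quoted, may contain spaces" or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return a dict of every key=value pair found in one syslog line."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in PAIR.findall(line)}

def safe(value):
    """Neutralise values a spreadsheet would evaluate as a formula when the CSV is opened."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(lines):
    """Convert syslog lines to CSV text; absent fields (e.g. ICMP ports) stay empty."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(FIELDS)
    for line in lines:
        rec = parse_line(line)
        if "src_ip" in rec and "dst_ip" in rec:  # skip lines that are not traffic records
            writer.writerow([safe(rec.get(field, "")) for field in FIELDS])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(SAMPLE.splitlines()), end="")
```

Log fields can carry content chosen by a remote host, which is why each cell is passed through `safe()` before the file is handed to a spreadsheet.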

  • Yes, I have iView on my VM but I can't find this there, or there is simply no feature like this, and... this is another system in the env. I think this would be on Sophos directly.