
How to send all log entries to me via email

I recently migrated from SonicWall to Sophos XG, and we are required to keep records of all Firewall logs. My old SonicWall would email me several times a day, whenever the logs got full, and I could keep the emails in perpetuity to scan through as needed. How do I get my new Sophos to do the same? I want a simple, line-by-line list of all activity, including every single network attempt, success and failure that it sees, emailed to me so I can keep it forever if I want to. I don't need a pretty HTML report, with graphs and analysis, just the list of activity. The email setup is already working, but I can't figure out how to get it to send me all log entries.



  • I'd be careful with this, as it constitutes a fairly significant security issue.

    Many security policies do not allow it, and I imagine it would be a violation of GDPR as well.

  • Our policies simply state that we have records of the firewall logs. Nothing else. GDPR doesn't apply to us, as we are domestic only, and there should be no traffic coming into our facility from any international location.

  • Ouch... wouldn't take much to reverse-engineer a network (or part of it) from firewall logs...

    Public IP-addresses are considered PII in many jurisdictions (including some in the USA), so sending firewall logs via e-mail would probably run afoul of any data protection or privacy laws. Not to mention that XG logs could easily include URLs.

    GDPR isn't the law in the USA - yet. It's probably coming, and then you'd have to clean up everything that contains PII - even historical data.

    Even without any legal or security requirements (e.g. PCI-DSS), sending logs via e-mail would be a very bad security practice. The main reason for implementing a firewall is security. Don't water it down...

  • OK, is this case possible?

    I want to export my firewall log from Log Viewer, e.g. 4000 entries, because my manager wants the bare data and wants to work with it in Excel. The simple export isn't enough, because it contains only the few entries that I can see.

    Or is there even a way to see the destination port in a report? The only data I need for my manager are source IP, dest. IP, and source & dest. port with protocol info.

  • Have you considered setting up an external syslog server? That would give you full control over the format, allow easy mining, reporting, alerting, etc.

  • Yes, I have iView on my VM, but I can't find this there, or there is simply no feature like this, and... this is another system in the env. I think this would be on Sophos directly.
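
The external syslog route suggested above can produce the five columns asked for in this thread (source IP, dest. IP, source and dest. port, protocol) as a CSV that opens in Excel. The following is an added example, not code from any poster or from Sophos; the key names (`src_ip`, `dst_ip`, `src_port`, `dst_port`, `protocol`, `log_type`) are assumptions about the firewall's key=value syslog format, and the sample lines are constructed.

```python
import csv
import io
import re

# Columns requested in the thread. The key names are an assumption about
# the firewall's key=value syslog format; adjust them to the real records.
FIELDS = ["src_ip", "src_port", "dst_ip", "dst_port", "protocol"]

# Matches key=value or key="quoted value with spaces".
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines (not real log data; documentation address ranges).
SAMPLE = [
    '<30>device="SFW" date=2024-01-15 time=10:02:11 log_type="Firewall" '
    'status="Allow" src_ip=192.0.2.10 dst_ip=198.51.100.7 protocol="TCP" '
    'src_port=51514 dst_port=443',
    '<30>device="SFW" date=2024-01-15 time=10:02:12 log_type="Firewall" '
    'status="Deny" src_ip=203.0.113.5 dst_ip=192.0.2.20 protocol="UDP" '
    'src_port=40000 dst_port=53',
    '<30>device="SFW" date=2024-01-15 time=10:02:13 log_type="Event" '
    'message="Admin login"',
]


def parse_line(line):
    """Return a dict of all key=value pairs found in one syslog line."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}


def to_csv(lines, log_type="Firewall"):
    """Keep only records of the given log_type and emit the chosen columns."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for line in lines:
        rec = parse_line(line)
        if rec.get("log_type") != log_type:
            continue  # skip non-traffic events, which lack these columns
        writer.writerow({f: rec.get(f, "") for f in FIELDS})
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(SAMPLE), end="")
```

In practice the lines would be read from the file the syslog server writes, rather than from the embedded sample.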