Logging admin changes

Hello,

We recently migrated from SG to XG and now, for the first time, have a case where someone edited a rule and in doing so changed something that should not have been changed.

However, the person cannot say what was in there before.

On the SG it was possible to see exactly which parameters were changed and how. I don't see this option on the XG.

Something like this, for example:

Can anyone help me with this?

What the log viewer shows is only along the lines of "User X changed a value in rule Y" plus time and IP. That just doesn't help me much at this point.



  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Open a log viewer, and change the log filter to admin to see the configuration changes.

    Reference screenshot: 

    I'll move this thread to the Sophos (XG) Firewall Community group as it's better suited there. 

    Thanks,

  • Hi Patel, 

    Thanks for responding, but this is what I found already.

    I would like to have it more detailed.

    What exactly did someone change.

    Not only something has been changed within a rule.

  • FormerMember
    0 FormerMember in reply to Marc P1

    Hi ,

    The configuration change would get logged in the applog.log. In the screenshot in my previous reply, I've configured Port4 with an IP address 172.16.17.1, and it generated the following log entries in the applog.log. 

    Jun 04 06:59:40 Expression Value '#Port4'=~/^([^,])*$/
    Jun 04 06:59:40 Validate Input Data Is Successfully :::::#Port4
    Jun 04 06:59:40 IPSET -A hostset ip,581,0,172.16.17.1
    Jun 04 06:59:40 Host updated successfully.
    Jun 04 06:59:40 edit_interface request %ifreq

    Thanks,
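
Added example, not part of the posts above: one way to line up the time of an Admin event from the log viewer with the detail lines in applog.log, assuming the timestamp format in the excerpt. The function names are hypothetical, the first sample line is constructed, and a fixed year is assumed because the log lines carry none.

```python
import re
from datetime import datetime, timedelta

# Timestamp prefix as it appears in the applog.log excerpt: "Jun 04 06:59:40"
TS = re.compile(r"[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}")
ASSUMED_YEAR = "2000"  # assumption: the lines have no year; any leap year works

def _parse(stamp):
    return datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")

def split_records(text):
    """Return (timestamp, message) pairs, also when several records share one line."""
    marks = list(TS.finditer(text))
    records = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        records.append((_parse(m.group()), text[m.end():end].strip()))
    return records

def around(text, event_time, window_seconds=5):
    """Records within +/- window_seconds of an Admin event time from the log viewer."""
    target = _parse(event_time)
    delta = timedelta(seconds=window_seconds)
    return [(ts, msg) for ts, msg in split_records(text) if abs(ts - target) <= delta]

# First line is constructed; the rest is the excerpt quoted in the reply above.
SAMPLE = """\
Jun 04 06:12:03 Host updated successfully.
Jun 04 06:59:40 Expression Value '#Port4'=~/^([^,])*$/Jun 04 06:59:40 Validate Input Data Is Successfully :::::#Port4Jun 04 06:59:40 IPSET -A hostset ip,581,0,172.16.17.1
Jun 04 06:59:40 Host updated successfully.
Jun 04 06:59:40 edit_interface request %ifreq
"""

if __name__ == "__main__":
    # Event time as read from the Admin entry in the log viewer (constructed value).
    for ts, msg in around(SAMPLE, "Jun 04 06:59:42"):
        print(ts.strftime("%b %d %H:%M:%S"), msg)
```
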
