XG V18 log files and how to use them?

What happened to log files? Did someone decide they contained useless information and we don't need them anymore? I have been trying to stand up an XG 210 V18 with a mail server and things aren't working. I haven't found any useful log files like I am used to seeing on the UTM I am currently running. There is no way to determine why mail is stuck in the spool, why it bounced, where it was sent to, etc. All of that information is readily available in a few clicks on the UTM. After an hour on the phone with Sophos tech support they told me they will have to get back to me on this. I'm still waiting.

WTF! You don't know where your log files are or how to review them? How am I as a mere mortal supposed to be able to manage a firewall without any useful logging?

Apparently I need to start looking for a new firewall vendor? Killing off a working product while pushing out an undocumented, and apparently non-functional system that your own support people can't work with is not a promising business plan.



This thread was automatically locked due to age.
  • Hello Mark,

    Thank you for contacting the Sophos Community.

    Sorry to hear about the logs.

    Email related logs are under smtpd_main.log 

    You can check in this list the Log files details for each module.

    Would it be possible for you to share the Case ID you opened with us?

    Regards,

  • So we now have to use command line to do log file analysis? Back to the future? Can I pull my green screen terminal out of the attic and show everyone the future?

    The case I am fighting with is 04369139. I'm trying to replace a working UTM. Most of what I was trying to do I have given up on because I just want anything to work right now. My current hangup with the firewall has to do with web server protection (WAF) instructions that I can't figure out how to do in the version of the XG I have. I tried to engage tech support on that but they were lost as to why they couldn't find the log files and what was happening to the mail. Based on what you have provided I will take a look at the logs and see what is left there, but I am totally unimpressed with the mail spool display which was apparently in error, and the mail log display in the email section of the web interface. Both are incomplete, and by that I mean missing messages. I had sent four messages inbound that were never delivered, yet only one showed in the spool, and two appeared in the logs displayed in the web interface. Yet when the mail was finally delivered I got all four messages. Where were the other three hiding? Why didn't they appear in the log display or the spool? Why doesn't support know how this stuff works?

  • Hello Mark,

    Thank you for the Case ID.

    So the WAF (Web Server Protection) is to protect only the Server Part, not the mail communication, that is done by the Mail module.

    So all the logs related to email traffic (if you’re using MTA mode) would be in the smtpd_main.log. 

    Looks like you’re setting this up, usually your Sales Engineer can assist you with configuration setup, especially if you’re migrating from UTM to Sophos XG.

    We have this for MTA email configuration https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/learningContent/EmailConfigureEmailProtectionMTA.html which should match your XG Firewall version.

    Regards,

  • I know the WAF is for web stuff but modern mail servers are all about the web, almost everything is done over https 443 now. Am I not supposed to use the web server protection tools for that? And the MTA instructions are cool and all but saying that gets it all done is missing the odd person that needs holes drilled for imap and such. I appreciate that you are trying to make this sound simple, but there are multiple overlapping pieces that I am trying to get right with very little practical guidance from Sophos.

    As to a Sales Engineer, you mean the ones that got laid off? I don't have a Sophos contact or sales engineer to work with. That would be nice to have given the years I have paid into licenses for these devices. Where can I find a Sophos Sales Engineer?

  • Hello Mark,

    Thank you for the follow-up. I am on the same side as you, since I think our documentation should be more detailed. 

    To let you know I have reached out to the Escalation Manager about this case, so you should be hearing back from an engineer before the day ends. 

    Also your Account Manager is aware of the same, so you might be hearing from them, so they can redirect you to your Sales Engineer and/or Migration Desk.

    I would also send you via PM the name of your Account Manager, so they can work with you to accommodate the Sales Engineer/Migration Desk.

    Regards,
