Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 954 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG v18.5 Firewall logs

EdiH

Hi,

where can I find the firewall logs in the filesystem?

In UTM these logs are called packetfilter.log.

No success with /var/fwlog.log and similar logfiles in XG. They doesn't contain the wanted traffic.

So in which location is the firewall traffic logged and where are logfiles of the former days?

Thanks in advance for any comment.

Edi



This thread was automatically locked due to age.
Parents
  • 0

    There is no packetfilter.log as such on the CLI. Instead you can use the FW Log on Logviewer.

    You could look into Central Firewall Reporting, if you want to have a complete reporting of the traffic with everything in place.

    Why do you need a logfile in the first place? What do you want to resolve? 

  • 0 in reply to LuCar Toni

    Thanks LuCar,

    I'm investigating routing problems with suspicion that log viewer doesn't  show the correct information especially the used ports.

    As you suggested, I'll take a look in central reporting.

  • 0 in reply to EdiH

    It actually does. So Logviewer shows you all connection, which are "explicit" called. It does not show you the default drops (you do not have a firewall rule for the traffic matching). That is missing. 

    But for that, you can use "drop packet capture = drppkt" on the firewall CLI. It shows you all dropped packet in real time. 

Reply
  • 0 in reply to EdiH

    It actually does. So Logviewer shows you all connection, which are "explicit" called. It does not show you the default drops (you do not have a firewall rule for the traffic matching). That is missing. 

    But for that, you can use "drop packet capture = drppkt" on the firewall CLI. It shows you all dropped packet in real time. 

Children
No Data