WAF log after pentestig

Question

Hello, 
 We did a Pentesting for 5 days on your Website which are behind XG WAF Firewall. 
 In the firewall rule, Advanced, Protection, We create a protection policy with is in Monitor Mode 
 So now I would like to see if we have log of the Pentesting. 
 By the GUI, I've tried to generate a report, but I have nothing... 
 So I go to connect with SSH to my firewall and log at /log/reverseproxy.log but I have many informations. 
 How can I do to see only bad trafic for a specify period ? 
 Thank you very much

Vishal_R · Answer

Hi Service Informatique2 : You may copy or download the logs in the local system and then may analyze them in notepad ++ or may use grep or vi editors to see the response code status for URLs submitted to WAF.

You may also check rule id which has triggered anomaly for any URLs and you may check those have been false positive or true detection etc with your Internal server team.

support.sophos.com/.../KB-000035562

Vishal_R · Answer

Hi Service Informatique2 Unfortunately no direct settings are available to increase the size of log files. No signature found can appear due to the URL hardening feature. You may do the needful as per below KBA:

Sophos Firewall: Error "No signature found" in WAF.

https://support.sophos.com/support/s/article/KB-000036415?language=en_US

For the Form hardening related details you may check some old discussions in the community if that helps to fix your error:

community.sophos.com/.../434778

WAF log after pentestig

Top Replies

Submitted a Tech Support Case lately from the Support Portal?