Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 392 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't find firewall logs in AllXGLogs CLI dump

JasP

I've done a CLI dump of all the logs but I can't find anything that logs firewall rule hits (like the firewall section of the GUI logs).

What am I missing?!



This thread was automatically locked due to age.
Parents
  • 0

    There is no log file for such traffic, basically because the data is dynamic. What this means: Logviewer is something dynamic (Database) which includes data like "transferred data" etc. This is only available if the connection is closed. Therefore the Logviewer has data, which a static log would not fetch. 

    What is the use case for your approach? What do you want to look for? 

    Syslog could potentially log this in a static manner, but the firewall itself /log will not do this. 

    __________________________________________________________________________________________________________________

Reply
  • 0

    There is no log file for such traffic, basically because the data is dynamic. What this means: Logviewer is something dynamic (Database) which includes data like "transferred data" etc. This is only available if the connection is closed. Therefore the Logviewer has data, which a static log would not fetch. 

    What is the use case for your approach? What do you want to look for? 

    Syslog could potentially log this in a static manner, but the firewall itself /log will not do this. 

    __________________________________________________________________________________________________________________

Children
  • 0 in reply to LuCar Toni

    I get what you are saying but I don't see why the XG can't log the information that you get in the GUI interface (the firewall hits). If you can send it to syslog, you can send it to a log file.

    This is the second time I've wanted to look for some historical information (a week, two weeks ago). I don't have enough information to use the available search criteria to effectively narrow the search down in the GUI, so basically I want to look at all hits for a few hours on a certain date. There is no date filter on the GUI. I know if I scroll far enough down, I can get to it but that would take forever. It is also much easier with this sort of query having a searchable text file than the GUI which shows 20-25 lines at a time.

  • 0 in reply to JasP

    That would be a good use case for Central Firewall Reporting.

    Basically the difference is "Logging" and "Reporting". 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni
    LuCar Toni said:
    That would be a good use case for Central Firewall Reporting.

    ...or just logging/reporting it locally or putting a date filter in the GUI. Why is there no date filter in the GUI?

    I have just had a look at Central Firewall Reporting and was significantly underwhelmed. I might possibly be able to get the information I wanted if I could export the data as a CSV and browse it that way, but as I do not have the paid version, that is unavailable.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?