Firewall search results wrong format

Since updating UTM to 9.602, when I perform a search of the Firewall log (Logging & Reporting->View Log Files->Search Log Files), the returned results are in the same format as when you view the live log, which lacks info.

Example:

The results should look like this:

This only happens when searching the Firewall log. This does not happen if I search the other logs.

Is anyone else experiencing this issue? This is a direct result of the update to 9.602. I still experience the same issue even after importing a backup and after updating to 9.603-1.

If this is a known bug, does anyone know how to correct the issue until it is fixed in an official release?



  • It's worked like that as long as I can remember.  I use grep at the command line for searching 99% of the time as it lets you get more granular.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    Are we sure we are talking about the same thing?

    It really makes no sense to have detailed search results returned for all logs but the firewall log. It's NEVER worked that way, for me, until v9.602.  Either a bug was introduced in v9.602 or something happened during the installation of the update.

    I am positively sure that it used to return full line results without the salmon colored background.

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • In earlier versions, if you searched on today's Firewall log, you got the Live Log presentation.  If you searched on anything that included today, you got the regular log presentation, but that's not true today.  I just checked a client's box on 9.601 and my lab on 9.602 and confirmed that the behavior has indeed changed - not cool!

    Good job finding and reporting that!  I'll get Sophos' attention.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi All,

    Apologies for any inconveniences caused. I'm currently following up with my team regarding this. Will report back when I receive more information.

    Regards,


    Florentino
    Director, Global Community & Digital Support

  • Still not fixed. I'm now running 9.700-5. Is there a workaround until it's fixed? I need the ability to search current and archived logs.

    Also, what is a good, simple, easy to use log analyzer free or paid?

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • Still not fixed in 9.701-6.

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • Since it's apparent that the Devs have no interest in fixing this, can someone please provide a sample grep that can search for a particular IP address?

    For example, I want to have every line returned that contains the IP 1.1.1.1. Date range is from present to 21 days in the past.

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • Everything this month (April 2020) before the current day:

    zgrep '1\.1\.1\.1' /var/log/packetfilter/2020/04/* |more

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, Bob!

    I neglected to escape the "dots" in all of my previous trials.

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------
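
The search asked for in this thread (one IP, the last 21 days, archived and current logs together), as an added example that is not from any poster or from Sophos. It goes beyond the one-month zgrep by anchoring the address so that 1.1.1.1 does not also match 11.1.1.10. Assumptions: the function name `search_fw_ip`, the current-day log at /var/log/packetfilter.log, and that archive file modification times track the log date.

```shell
#!/bin/sh
# Added example. Default paths are assumptions modelled on the
# /var/log/packetfilter/YYYY/MM/ archive directory used earlier in the thread.

# search_fw_ip IP [DAYS] [ARCHIVE_DIR] [LIVE_LOG]
# Prints every firewall log line that contains IP as a whole address.
search_fw_ip() {
    ip=$1
    days=${2:-21}
    archive=${3:-/var/log/packetfilter}
    live=${4:-/var/log/packetfilter.log}   # assumed location of today's log

    # Accept digits and dots only, so the value is safe to place in a regex.
    case $ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 2 ;;
    esac

    # Escape the dots (an unescaped "." matches any character), then require
    # a non-digit, non-dot character or a line edge on both sides.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    pat="(^|[^0-9.])${esc}([^0-9.]|\$)"

    # Archived logs modified within the window. gzip -cdf decompresses .gz
    # files and passes plain files through unchanged, like zgrep does.
    find "$archive" -type f -mtime "-$days" -print 2>/dev/null | sort |
    while IFS= read -r f; do
        gzip -cdf "$f" | grep -E "$pat" || :   # no match is not an error
    done

    # Today's uncompressed log, if it exists.
    if [ -f "$live" ]; then
        grep -E "$pat" "$live" || :
    fi
    return 0
}
```

Called as `search_fw_ip 1.1.1.1 21 | more` on the UTM shell, it pages through the matches oldest file first, ending with today's log.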
