Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 2 subscribers
  • Views 8398 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IP address's not in logs but shows as active

Longman
I have been chasing this for a while and have had an open a case with the reseller; they have no idea. I have several ip address's that show as Active IP Address's (licensing)  but cannot find those address's in any of the logs. I am logging all traffic in all the various firewall rules. These ip address's are from SEH Print Servers which do have a default gateway that routes to the firewall. I have gone to the length of configuring a deny rule in the firewall for those specific ip addess's. That did not rectify the issue and in addition that rule never showed any activity. Any thoughts?


This thread was automatically locked due to age.
Parents
  • 0
    Rather than look in the logs, check 'Network Usage' on the 'Bandwidth Usage' tab.  You can look at specific IPs as Client or Server to see what Apllications or Services each used.

    Maybe that will help you decide which log to search in in which time frame.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Rather than look in the logs, check 'Network Usage' on the 'Bandwidth Usage' tab.  You can look at specific IPs as Client or Server to see what Apllications or Services each used.

    Maybe that will help you decide which log to search in in which time frame.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data