Help needed analyzing logs

Hi all,

I'm new to this kind of UTM equipment, and I'm having some problems with some computers or smartphones connecting to the outside (WLAN). I've tried to see in the logs which protocols are being blocked, but the logs are difficult to analyze. Could someone give me some hints?

Below are some examples of blocked traffic where I cannot see what is being blocked.

LIVE LOG:

10:23:34 Default DROP TCP 192.168.2.199:50037→173.194.78.222:5228 [SYN] len=60 ttl=63 tos=0x00 srcmac=c8:60:0:f:cb:d dstmac=0:27:e:3:d2:14


FIREWALL LOG:

2013:07:04-10:23:34 UTM-MYHOME ulogd[4308]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="c8:60:0:f:cb:d" dstmac="0:27:e:3:d2:14" srcip="192.168.2.199" dstip="173.194.78.222" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="50037" dstport="5228" tcpflags="SYN"

Thanks in Advance!


This thread was automatically locked due to age.
  • Barry,

    one last question regarding this post: are there any tools to help analyze the firewall logs?
    When I open the firewall logs I see lots of information without line breaks and it's very difficult to read them.

    Thanks.
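For the firewall log format quoted in the first post, a small parser can turn each long line into a one-line summary like the live log view and count the most frequently dropped flows. This is an added example, not part of the original thread and not a Sophos tool; it assumes every line has the timestamp/host/process header followed by key="value" pairs as in the posted sample, and the function names and the MAC addresses in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample: the firewall log line from the post, with the MAC
# addresses replaced by constructed values.
SAMPLE = (
    '2013:07:04-10:23:34 UTM-MYHOME ulogd[4308]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" '
    'outitf="eth1" srcmac="02:00:00:00:00:01" dstmac="02:00:00:00:00:02" '
    'srcip="192.168.2.199" dstip="173.194.78.222" proto="6" length="60" tos="0x00" '
    'prec="0x00" ttl="63" srcport="50037" dstport="5228" tcpflags="SYN" '
)
HEADER = re.compile(r'^(\d{4}):(\d{2}):(\d{2})-(\d{2}:\d{2}:\d{2}) (\S+) (\S+?)\[\d+\]: ')
PAIR = re.compile(r'(\w+)="([^"]*)"')            # assumes no escaped quotes in values
PROTO = {"1": "ICMP", "6": "TCP", "17": "UDP"}   # IANA protocol numbers

def parse_line(line):
    """Return the fields of one log line as a dict, or None if the header is missing."""
    m = HEADER.match(line)
    if not m:
        return None
    year, month, day, clock, host, program = m.groups()
    rec = dict(PAIR.findall(line, m.end()))
    rec.update(date=f"{year}-{month}-{day}", time=clock, host=host, program=program)
    return rec

def endpoint(rec, side):
    ip, port = rec.get(side + "ip", "?"), rec.get(side + "port")
    return f"{ip}:{port}" if port else ip        # lines without ports (e.g. ICMP)

def summarize(rec):
    """Condense a parsed record into one readable line."""
    proto = PROTO.get(rec.get("proto"), rec.get("proto", "?"))
    flags = f' [{rec["tcpflags"]}]' if rec.get("tcpflags") else ""
    return (f'{rec["time"]} {rec.get("action", "?").upper()} {proto} '
            f'{endpoint(rec, "src")} -> {endpoint(rec, "dst")}{flags} '
            f'rule={rec.get("fwrule", "?")} {rec.get("initf", "?")}->{rec.get("outitf", "?")}')

def top_drops(lines, n=5):
    """Count dropped flows by (srcip, dstip, proto, dstport), skipping unparsable lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("action") == "drop":
            counts[tuple(rec.get(k) for k in ("srcip", "dstip", "proto", "dstport"))] += 1
    return counts.most_common(n)

if __name__ == "__main__":
    print(summarize(parse_line(SAMPLE)))
```

Feeding the lines of an exported firewall log to `top_drops` shows which destination ports the default drop rule hits most often, which is usually the quickest way to see what an allow rule is missing.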