utm logs

Hi guys,

Is there any article on how to analyze the UTM logs? I really want to understand how the logs work and how to analyze them, i.e. the top client of network usage of the UTM shows a public IP address (not one of ours) that has 2.5 GB of HTTP network usage. I really want to know what this 2.5 GB of data that has been generated is.

I cannot find anything on the net that explains how to analyze the logs.

Thanks



  • Is the entry resolved or an IP? If an IP, the first thing I'd do is a DNS lookup to see what it is. Since we know it is HTTP traffic, check the Web Filtering log to find the transactions. You can also bring up other reports, such as top servers, to see if you can correlate with the top clients information.
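
The Web Filtering log check suggested in the reply above, as an added example that is not part of the original thread: a Python script that totals transferred bytes per destination host for one client IP. The key="value" line layout and the field names `srcip`, `dstip`, `size` and `url` are assumptions about the log format, and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines (documentation IP ranges, not real traffic).
# Field names are assumed; adjust them to match your own log.
SAMPLE_LOG = '''\
2024:01:15-10:02:11 utm httpproxy[4321]: name="http access" action="pass" srcip="203.0.113.45" dstip="198.51.100.7" size="1500000" url="http://files.example.com/a.iso"
2024:01:15-10:02:40 utm httpproxy[4321]: name="http access" action="pass" srcip="203.0.113.45" dstip="198.51.100.7" size="2500000" url="http://files.example.com/b.iso"
2024:01:15-10:03:02 utm httpproxy[4321]: name="http access" action="pass" srcip="203.0.113.45" dstip="198.51.100.9" size="4096" url="http://www.example.org/"
2024:01:15-10:03:05 utm httpproxy[4321]: name="http access" action="pass" srcip="192.168.1.20" dstip="198.51.100.9" size="999" url="http://www.example.org/"
2024:01:15-10:03:09 utm httpproxy[4321]: name="http access" action="pass" srcip="203.0.113.45" dstip="198.51.100.9" size="-" url="http://www.example.org/x"
2024:01:15-10:03:12 utm httpproxy[4321]: name="http access" action="pass" srcip="203.0.113.45" dstip="198.51.100.50" size="10"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(PAIR.findall(line))


def bytes_by_host(lines, client_ip):
    """Sum the size field per destination host for one client IP.

    Returns (host, total_bytes) pairs, largest first. Lines with a
    missing or non-numeric size are skipped; if a line has no usable
    URL, the destination IP is used as the host label.
    """
    totals = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields.get("srcip") != client_ip:
            continue
        try:
            size = int(fields.get("size", ""))
        except ValueError:
            continue
        host = urlsplit(fields.get("url", "")).hostname
        totals[host or fields.get("dstip", "unknown")] += size
    return totals.most_common()


if __name__ == "__main__":
    for host, total in bytes_by_host(SAMPLE_LOG.splitlines(), "203.0.113.45"):
        print(f"{total:>12} bytes  {host}")
```

The per-host totals can then be compared with the top servers report to see which transactions account for the volume.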
