utm logs

Hi guys,

Is there any article on how to analyze the UTM logs? I really want to understand how the logs work and how to analyze them, e.g. the top client of network usage of the UTM shows a public IP address (not from ours) that has 2.5 GB of HTTP network usage. I really want to know what this 2.5 GB of data that has been generated is.

I cannot find anything on the net that explains how to analyze the logs.

Thanks



  • Is the entry resolved or an IP? If an IP, the first thing I'd do is a DNS lookup to see what it is. Since we know it is HTTP traffic, check the Web Filtering log to find the transactions. You can also bring up other reports, such as top servers, to see if you can correlate with the top clients information.
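
The Web Filtering log check suggested in the reply above, as an added example that is not part of the original thread: it totals bytes per destination host for one client so a figure like the 2.5 GB can be broken down. The key="value" line layout, the field names `srcip`, `dstip`, `size` and `url`, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines. The key="value" layout and the field names
# (srcip, dstip, size, url) are assumptions about the Web Filtering log.
SAMPLE_LOG = '''\
2015:03:02-10:15:01 utm httpproxy[4321]: name="http access" action="pass" srcip="192.0.2.10" dstip="198.51.100.7" size="1500000" url="http://updates.example.com/pkg/a.bin"
2015:03:02-10:15:09 utm httpproxy[4321]: name="http access" action="pass" srcip="192.0.2.10" dstip="198.51.100.7" size="500000" url="http://updates.example.com/pkg/b.bin"
2015:03:02-10:16:30 utm httpproxy[4321]: name="http access" action="pass" srcip="192.0.2.10" dstip="203.0.113.9" size="300" url="https://cdn.example.net/"
2015:03:02-10:17:02 utm httpproxy[4321]: name="http access" action="pass" srcip="192.0.2.22" dstip="203.0.113.40" size="4200" url="http://www.example.org/index.html"
2015:03:02-10:17:05 utm httpproxy[4321]: name="pattern update" status="ok"
'''

PAIR_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(PAIR_RE.findall(line))


def usage_by_client(lines):
    """Map client IP -> destination host -> total bytes transferred."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = parse_line(line)
        try:
            size = int(fields["size"])
            src = fields["srcip"]
            # Prefer the hostname from the URL; fall back to the raw dstip.
            host = urlsplit(fields["url"]).hostname or fields.get("dstip", "unknown")
        except (KeyError, ValueError):
            continue  # not an access record, or a malformed one
        totals[src][host] += size
    return totals


def top_destinations(lines, client, n=5):
    """Largest destinations by bytes for one client, biggest first."""
    hosts = usage_by_client(lines).get(client, {})
    return sorted(hosts.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    for host, size in top_destinations(SAMPLE_LOG.splitlines(), "192.0.2.10"):
        print(f"{size:>12} bytes  {host}")
```
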

  • Hi Scott,

    Thank you for the reply,

    you really saved me a lot of headache, now I can see where those HTTP connections go.
    Just one more question,

    How about the non-default ports? In the network usage I see an IP address that has used port 4098, how can I find out information for this connection?

    Thanks