parsing error at UTM log

Have you tried the request in a different browser, IE, Chrome or FireFox.  Could be related to SHA certificates or TLS at a guess.

Hi

i dont talk about the content of the log.

sophos have parsing error et the logs. 

This doesn't look like a bug to me, rather some disagreement about TLS.  If you're trying to access a site that hasn't been updated to avoid the POODLE vulnerability, you would see this in the log.

Cheers - Bob

i dont talk about connntent of the log. please check the double quotes of the log.

please check the  double quotes  of message atribute. its conntent also error atribute.

it ist right now so:

message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"

it should look like so:

message="SSL_ERROR_SYSCALL: ret=-1"            error="Connection reset by peer"

that is difficult to parse by SIEM

i dont talk about connntent of the log. please check the double quotes of the log.

please check the  double quotes  of message atribute. its conntent also error atribute.

it ist right now so:

message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"

it should look like so:

message="SSL_ERROR_SYSCALL: ret=-1"            error="Connection reset by peer"

that is difficult to parse by SIEM

Thanks, Kara, I understand now.  The best way to report a bug is to get a ticket open with Sophos UTM Support - or is this a home-use license?

Cheers - Bob

we have lisans but i am rensponsable for SIEM and not for firewall. 

i hope that developer guys read this portal :)

They don't - they won't see this.  Please ask the person in charge of the Sophos to open a ticket with Sophos Support.

Cheers - Bob