SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.


Is there any way to fetch Sophos UTM WAF logs in a third-party log monitoring tool?

There is no proper categorization of logs in the WAF when it is configured in monitor mode. We have been trying for more than two months to get the WAF logs fetched into a third-party tool (Syslog/SIEM) for monitoring and rule-setting purposes, but we couldn't get proper support from the vendor or from the Sophos technical team.

Earlier we tried the Sophos iView tool, as per the vendor's suggestion. The tool is specially developed for Sophos UTM, but it works for specific features (reporting) only, not for log monitoring and WAF log fetching.

Can you please assist in this regard? Is there any way to fetch UTM WAF logs in a third-party log monitoring (Syslog/SIEM) tool?

It would be appreciated if you could help us categorize the WAF logs in terms of false positives, false negatives and the exceptions that need to be set in the WAF console.

Thanks in advance.

1 vote

Sagar Patil shared this idea

1 comment

  • Michael commented

    The WAF activity on my SG210 / UTM 9.6 is in /var/log/reverseproxy.log

    If you enable SSH login in admin, you can get into the Sophos and install an SSH public key -- then you can write a script on an external system that connects and grabs the reverseproxy log.

    On my system the logs are rotated daily at 5:42am into /var/log/reverseproxy/yyyy/mm (e.g. /var/log/reverseproxy/2019/06)

    You can also configure a remote syslog destination at Logging & Reporting -> Log Settings -> Remote Logging
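
The fetch procedure Michael describes, sketched as an added example (not code from the commenter or from Sophos): a POSIX sh script that copies only the rotated files not yet collected and refuses unexpected file names returned by the appliance. The host name, account, key path, destination directory and script name are placeholder assumptions.

```shell
#!/bin/sh
# Added example: incremental pull of rotated UTM WAF logs over SSH.
# Assumed placeholders (not from the page): host, account, key path, destination.
UTM_HOST="${UTM_HOST:-utm.example.internal}"
UTM_USER="${UTM_USER:-loginuser}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/utm_logpull}"
DEST="${DEST:-/var/log/collected/utm-waf}"
LOG_ROOT=/var/log/reverseproxy   # rotated-log root named in the comment

# month_dir YYYY-MM-DD: print LOG_ROOT/YYYY/MM, fail on a malformed date
month_dir() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
    *) return 1 ;;
  esac
  y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}
  printf '%s/%s/%s\n' "$LOG_ROOT" "$y" "$m"
}

# safe_name NAME: accept only a plain file name (no slash, no leading dot or dash)
safe_name() {
  case "$1" in
    ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# missing_files LOCAL_DIR: read a remote listing on stdin, print names not yet copied
missing_files() {
  while IFS= read -r name; do
    safe_name "$name" || continue     # never trust names supplied by the remote side
    [ -e "$1/$name" ] || printf '%s\n' "$name"
  done
}

# pull_month YYYY-MM-DD: copy new files from that date's month directory
pull_month() {
  dir=$(month_dir "$1") || { echo "bad date: $1" >&2; return 2; }
  local_dir="$DEST/${dir#"$LOG_ROOT"/}"
  mkdir -p "$local_dir"
  set -- -i "$SSH_KEY" -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes
  # $dir contains only validated digits and LOG_ROOT, so it is safe in the remote command
  ssh "$@" "$UTM_USER@$UTM_HOST" "ls -1 $dir" | missing_files "$local_dir" |
  while IFS= read -r f; do
    scp -p "$@" "$UTM_USER@$UTM_HOST:$dir/$f" "$local_dir/" </dev/null
  done
}

# Runs only when invoked as: sh pull_waf_logs.sh --pull 2019-06-15
if [ "${1:-}" = "--pull" ]; then pull_month "${2:-}"; fi
```

A file left partially copied by an interrupted run counts as already present, so delete it before the next pull.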
