Is there any way to fetch Sophos UTM WAF logs into a third-party log monitoring tool?
There is no proper categorization of logs in the WAF when it is configured in monitor mode. We have been chasing for more than two months to get the WAF logs fetched into a third-party tool (syslog/SIEM) for monitoring and rule-setting purposes, but we couldn't get proper support from the vendor or from the Sophos technical team.
Earlier we tried the Sophos iView tool, as per the vendor's suggestion; the tool is specially developed for Sophos UTM, but it works for specific features (reporting) only, not for log monitoring or WAF log fetching.
Can you please assist in this regard: is there any way to fetch UTM WAF logs into a third-party log monitoring (syslog/SIEM) tool?
It would be appreciated if you could help us categorize the WAF logs in terms of false positives, false negatives, and the exceptions that need to be set in the WAF console.
Thanks in advance.
The WAF activity on my SG210 / UTM 9.6 is in /var/log/reverseproxy.log.
If you enable SSH login in admin, you can get into the Sophos and install an SSH public key; then you can write a script on an external system that connects and grabs the reverseproxy log.
On my system the logs are rotated daily at 5:42am into /var/log/reverseproxy/yyyy/mm (e.g. /var/log/reverseproxy/2019/06).
You can also configure a remote syslog destination at Logging & Reporting -> Log Settings -> Remote Logging.
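As an added example (not from the original post and not Sophos code), a small Python script that parses lines pulled from reverseproxy.log and tallies blocked versus passed requests per host and URL, which is the kind of categorisation the question asks for when hunting false positives. The key="value" field names (srcip, host, method, statuscode, reason, url), the meaning of reason="attack", and the line prefix layout are assumptions to be checked against your own log file; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the key="value" style assumed for reverseproxy.log.
SAMPLE_LOG = """\
2019:06:12-10:15:01 utm reverseproxy: srcip="203.0.113.5" host="www.example.test" method="GET" statuscode="200" reason="-" url="/index.html"
2019:06:12-10:15:02 utm reverseproxy: srcip="203.0.113.5" host="www.example.test" method="GET" statuscode="403" reason="attack" url="/admin"
2019:06:12-10:15:03 utm reverseproxy: srcip="198.51.100.7" host="www.example.test" method="POST" statuscode="403" reason="attack" url="/login"
2019:06:12-10:15:04 utm reverseproxy: srcip="198.51.100.7" host="www.example.test" method="GET" statuscode="404" reason="-" url="/missing"
"""

# '<timestamp> <utm-hostname> reverseproxy: key="value" key="value" ...' (assumed layout)
LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+reverseproxy:\s+(.*)$')
KV_RE = re.compile(r'(\S+?)="([^"]*)"')


def parse_line(line):
    """Return a dict of fields for one log line, or None if it is not a WAF line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, utm_host, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    fields["_ts"] = ts          # UTM's own timestamp prefix
    fields["_utm"] = utm_host   # the appliance that wrote the line
    return fields


def summarize(text):
    """Count blocked vs passed requests per (host, url).

    A path that is blocked repeatedly while also serving normal traffic is a
    candidate for an exception in the WAF console (possible false positive)."""
    blocked, passed = Counter(), Counter()
    for raw in text.splitlines():
        f = parse_line(raw)
        if f is None:
            continue
        key = (f.get("host", "-"), f.get("url", "-"))
        if f.get("reason", "-") != "-" or f.get("statuscode") == "403":
            blocked[key] += 1
        else:
            passed[key] += 1
    return blocked, passed


def rotated_dir(year, month):
    """Directory of the daily-rotated logs, per the /var/log/reverseproxy/yyyy/mm layout above."""
    return f"/var/log/reverseproxy/{year:04d}/{month:02d}"


if __name__ == "__main__":
    blocked, passed = summarize(SAMPLE_LOG)
    for key in sorted(set(blocked) | set(passed)):
        print(f"{key[0]} {key[1]}: blocked={blocked[key]} passed={passed[key]}")
```

Feed it the file grabbed over SSH (or the lines your syslog receiver stores) instead of SAMPLE_LOG to get a per-URL block/pass table for a whole day.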