Using SSH public key authentication for loginuser/root does not log which key was used to authenticate, because the sshd_config LogLevel is set to INFO.
It should be increased to VERBOSE, so you could determine who accessed the shell.2 votes
I have found out that packets forwarded by the Generic Proxy is not shown in the live log.
When i use the firewall live log I want to see ALL packets passing the firewall, regardless of direction or anything else.7 votes
report on detection specifics based on how the potential threat is detected, i.e. – on-access or scheduled scans
Client is looking to report on detection specifics based on how the potential threat is detected, i.e. – on-access or scheduled scans. It appear much of the pre-reqs should already be in placed as the endpoints report this data in the alerts they email out and the fields appear to exist in the database however they do not correlate properly. The field is specific is the 'ScannerType' in the ThreatEvents table. The 2XX data fields in the database do not accurately reflect anything2 votes
Companies have to prove to the law that the logs are not manipulated. Hence device must hash the log files with the time stamp. We need a menu for that on UTM. For example, customers should be able to choose the needed logs through WebAdmin, and make hashing with required logs. When needed they should be able to download the hash and log files.20 votes
Allow exporting of HTTP content filter log to a csv/ms excel/ods file (especially after using the filter to search the HTTP content filter log)13 votes
I would like to see better and more granular search options/filters for log searching.
What if I'm interesting in a host only when it's a source and only when it goes to port 25 on another host. Today I can only give a simple search term and get way to much data back for it to be useful fast without spending too much time looking through the result.25 votes
This feature will be part of the UTM 9.2 release which will enter public beta in September 2013 for GA release in November. Stay tuned!
When you choose to install an update the system just does it there is no feedback to say are you sure, especially when the system is likely to reboot after an update, for enterprise class use with the UTM 120+ then this could be a critical piece of equipment, my other request (main request) would be to have information about what is happening when tasks take longer than a few seconds (like updates), popup the up2date love log window to show the progress and actually tell the user when its done or have some sort of progress bar, a box that says... oh yeah i might reboot and btw the update is started now and there isn't anything you can do to stop me... dialog is useless.
When you choose to install an update the system just does it there is no feedback to say are you sure, especially when the system is likely to reboot after an update, for enterprise class use with the UTM 120+ then this could be a critical piece of equipment, my other request (main request) would be to have information about what is happening when tasks take longer than a few seconds (like updates), popup the up2date love log window to show the progress and actually tell the user when its done or have some sort of progress bar, a box…1 vote
My Idea is to expand the Logging of the changes of the administrators (now only 20 sessions are logged), Maybe per session one Email.2 votes
I Use multiple public IPv4 Adresses on an Interface and created masquerade rules for some servers to use specified public ip's for outgoing connections.
But it's not possible to show in logfile which public outgoing IP is used.
It is possible to extend the Firewall-Log with this informations?1 vote
In the Flow Monitor, it would be nice to be able to click on a Host/Client, and list all of their connected Host/Clients, ports that they are using, and bandwidth used for each of those. Currently The Flow Monitor only list total traffic used by a Client/Host, but for more information the text logs have to be searched.
It would also nice to be able to have fine grain control of that traffic (throttle and blocking) in real-time from inside the flow monitor. Options like Temporary blocks, or data caps, would all be bonus too.48 votes
When the log daemon is down, Astaro/Sophos can't collect any data, even if a remote syslog server has been configured; this because the system can send the logs only after they are written to the disk, when daemon is down the logs aren't written.
This is a serious problem for the Italian law.1 vote
Please implement a reader friendly log-, and live log reader which will output any of the the text logs to a formatted output (similar to the actual paket filter live log). Should offer following features for viewing all types of logs:
- formatted output (as paketfilter live log)
- colored (drop, pass, block, info and so on)
- expression filters
- possibility to filter (do not show) logentries (similar to user portal / smtp log), where you can hide unwanted informations)199 votes
These are very useful options and I guess these are very necessary features for ASG:
* Instant Messenger Controls:
* Controls file transfer through Skype, MSN, Yahoo, Google Talk and other popular instant messengers based on file name, extension and size
* Shadow copies are created of files uploaded and downloaded over IMs
* Logs are archived for chat conversation as well as file upload and download4 votes
Add the ability to globally search all logs for matching strings from a single entry box for a specified date/time range.51 votes
This feature is planned for the UTM 9.2 release later in 2013. Stay tuned.
Please, give a way to display all available live logs together of all services in only one single window27 votes
When you install a new server, all logs are lost since the logs remain at the old server.11 votes
The ability to save to sub-directories underneath SMB shares would be great.
Also a 'Test connection button' would be great. Currently we cannot use SMB archiving with our Windows cluster as it requires a DNS name be used rather than an IP address, so please add the ability to use server names rather than resolving a DNS host.3 votes
Please optimize WAS logging view of readability. Logs should be extended, not only Attack ID's. Example Log(Actual Logging ASG 8.2x): Attack ID 950907 Should be better extended with in a human readable log entry as:
Attack Type: WEB_ATTACK/COMMAND_INJECTION
Or optional additional Informations as a classification or else:
OWASP_TOP_10/A1 (SQL Injection)1 vote
The IPSec VPN live log does contain the connection name
2011:02:11-14:15:30 HOSTNAME-1 pluto[xyz]: "S_ABC_VPN" #[number]: initiating Quick Mode.....
but view "view log file" you only get
2011:02:11-14:15:30 HOSTNAME-1 pluto[xyz]: "S_REF_jYhIsAnhzG_3" #[number]: initiating Quick Mode.....
so you have to lookup the REF yourself AND it is much less "readable" as the connection name itself in the log file.
I suggest, that the connection name is also contained in the "plain" ipsec vpn logfile, and not only displayed in the live log.4 votes
Please add the ability to verify the remote archive log files server credentials (Test Button) so the admin may be certain that the archives will be written - prior to a warning email notice that the files could not be written on the target server.16 votes
- Don't see your idea?