SG UTM
Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.
-
Logging: Content Filter overrides on Blacklisted Sites
Logging will report any bypass for a built-in blocked category, but custom blocked URLs are not entered into the log.
1 vote
I’ll mark this as completed, however as this is a bug (not a feature) it is being tracked internally now. We’ll address this in a coming Up2Date. Thanks for reporting it. (Mantis 21605 for reference)
-
Notification Redundancy Filter
Currently, if you have email notifications enabled, and you get portscanned (or any other highly repetitive attack), you get up to 100 emails generated within seconds. It would be great if there were an option to set a redundancy filter to limit notifications on attacks with matching criteria (same source, destination, and protocol) to X number of seconds.
For example, if I set this value to 10 seconds and I get portscanned continuously for one minute, I would get 1 email for every 10 seconds this attack occurred for a total of 6.
2 votes
This feature is already possible, for exactly this use case. Just enable “Limit Notifications” from the notifications menu itself.
-
Identify which rule generated an entry in the packetfilter.log
At the moment I don't think it is trivial to identify which rule logged something to the packetfilter.log. It would be helpful when debugging.
3 votes
-
Reporting: Multiple Syslog (Log Destination) Servers
Having more than one log destination is a good feature for both redundancy and to implement a four eye principle based security monitoring command center. It is a must have for MSS providers these days.
1 vote
We have added support for multiple syslog server destinations in ASG V8. Enjoy!
-
Logging: Select All Button for Log File Viewer
Include a "Select All" check box so that e.g. all log files on the Today's Log Files screen can be selected and downloaded/deleted.
5 votes
This is possible in ASG V8, so I’ll mark it as completed.
-
Emailed Logs
The admin can send log files automatically to himself or to another e-mail address. Which log files are to be sent he selects by clicking a checkbox. The log file should then be initialized after sending.
3 votes
I’ll close this, as email logging is already implemented, and if the admin is in front of the web GUI going “email me this log” it's the same as just immediately downloading it vs. immediately emailing it.
-
Logging: Detailed Admin Logging of Config Changes
Add the ability to log in detail where admins go and what they change while inside webadmin. This has many benefits for accountability, such as if Joe with admin access navigates to packet filter---rules, and deletes a rule, it would often be helpful to know this information. If not possible to have a DETAILED log of what was changed, it would satisfy the majority of the requests if we could simply log that admin Joe went to packet filter---rules and did a create/edit/delete of something, etc...
153 votes
This feature is included as part of ASG Version 8 which will be Generally Available at the end of June.
Watch http://up2date.astaro.com for the official announcement.
-
Logging: negation of search string for live logs
Add a negation for the search string while watching the packetfilter or other live logs. Show all except port 80 (like the 'not port 80' tcpdump syntax). Searching for the right log lines would make the debugging process a lot easier.
3 votes