SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.


Logging: Enhanced log searching tools (Better search & filter)

I would like to see better and more granular search options/filters for log searching.

What if I'm interested in a host only when it's a source and only when it goes to port 25 on another host? Today I can only give a simple search term and get way too much data back for it to be useful fast without spending too much time looking through the result.

22 votes

    Christopher Thorjussen shared this idea
    Planned  ·  Angelo Comazzetto responded

    This feature will be part of the UTM 9.2 release which will enter public beta in September 2013 for GA release in November. Stay tuned!

    3 comments

      • tboggs13 commented

        All log views (live and archived) should support filtering with a minimum of source IP, destination IP, source port, and destination port. Sophos touts UTM as a TMG replacement, but it is sorely lacking in this area. On the TMG 2010, all data - proxy and firewall - is logged to a database and can be filtered on virtually any criteria that is logged with a few clicks. And the same interface is used for both live and archived data. And with one click the filtered data could be dumped to a CSV file for additional parsing.

      • Anonymous commented

        Did this happen in 9.2? Logging is still a huge pain; it's nearly impossible to find what you are looking for. Source and destination IP and port seem like standard features in many other firewalls, and are nearly a requirement. We can't even export the logs to XLS/CSV and sort them that way. It's a huge pain.

      • malossi commented

        I would add "saved searches", so you can have already predefined searches. As well as chained searches: protocol + IP / MAC address + port + interface. Thanks.
