Sophos Firewall - Logging and Reporting

Overview

Reporting

Reporting types

Built-in Reporting

  • Preconfigured dashboards for traffic, security, executive reports and user threat quotient (UTQ)
  • Preconfigured and custom reports
  • Compliance-focused reports for common standards, including HIPAA and PCI
  • Export or schedule reports to be sent via email

Central Firewall Reporting

  • Last 7 days of data available in Sophos Central
  • Access to reports and logs

Found in:
MONITOR & ANALYZE – Reports

Application Risk Meter

The application risk meter provides a risk assessment based on an analysis of the application traffic flowing through the network.
The risk meter ranges from 1 (lowest risk) to 5 (highest risk).

User Threat Quotient (UTQ)

The UTQ is computed from each user's web usage data and is intended to identify users who are risky or malicious, or who perform naive actions such as responding to spear-phishing attempts.

Report Settings

In the report settings section you set the log retention period.
Data older than the specified period is purged from the firewall. Because this also bounds how far back an investigation can look on the device itself, forward logs to an external syslog server if you need a longer history.

Logging

Tools to retrieve log files

SCP and FTPPUT

Log Viewer

Switching to the detailed unified log view aggregates entries from multiple modules into one list. By default all logs are shown; narrow the view with filters from there.

Syslog

Sophos Firewall can be configured to log to up to 5 external syslog servers, usually on UDP port 514. Plain UDP syslog is neither reliable nor encrypted: messages can be dropped silently or spoofed, so keep the syslog path on a trusted management network, or use a reliable and encrypted transport where the deployment supports one.

In the syslog server configuration you select the facility that the firewall stamps on every message sent to that server. The facility does not change what is logged; it is the value the receiving syslog server matches on to route and store the messages, so it must agree with the receiver's configuration. The choices are the standard syslog facility codes:

  • DAEMON
    the system daemons facility (code 3)
  • KERNEL
    the kernel messages facility (code 0)
  • LOCAL0 – LOCAL7
    the eight locally defined facilities (codes 16 to 23); the usual choice, because a dedicated local facility lets the receiver separate firewall logs from everything else it collects
  • USER
    the user-level messages facility (code 1)

Logging formats:

  • Central Reporting Format
    standard syslog format; used when logging to Sophos Central
  • Device Standard Format
    Sophos' proprietary key=value format; used when logging to iView

Configured in:
CONFIGURE – System services – log settings
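The following Python script is an added example, not code from the page or from Sophos. It shows what happens on the receiving side of the syslog configuration above: it decodes the syslog PRI header into facility and severity (so a mismatch between the facility selected on the firewall and the receiver's routing rule can be detected), parses Device Standard Format key=value messages, groups them by module as the unified log view does, and counts denied connections per source. The sample lines are constructed for this example; the field names (log_type, log_subtype, src_ip and so on) follow the key=value layout of Sophos Firewall logs but the values are invented, and the threshold in denied_by_source is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict

# Syslog facility codes (RFC 5424, section 6.2.1). Sophos Firewall stamps every
# forwarded message with the single facility chosen in the syslog server settings;
# the receiver matches on that code to route the messages.
FACILITIES = {"KERNEL": 0, "USER": 1, "DAEMON": 3, **{f"LOCAL{i}": 16 + i for i in range(8)}}
FACILITY_NAMES = {code: name for name, code in FACILITIES.items()}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample messages (not real firewall output). PRI 134 = local0.info,
# 132 = local0.warning, 30 = daemon.info: the last line imitates a message that
# arrives with a facility other than the one the receiver expects.
SAMPLE_LINES = [
    '<134>device="SFW" date=2024-05-01 time=10:15:01 timezone="UTC" device_name="SFW-HQ" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information fw_rule_id=12 user_name="alice" src_ip=10.0.1.20 dst_ip=203.0.113.10 protocol="TCP" src_port=51000 dst_port=443',
    '<132>device="SFW" date=2024-05-01 time=10:15:02 timezone="UTC" device_name="SFW-HQ" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" priority=Warning fw_rule_id=0 user_name="" src_ip=198.51.100.7 dst_ip=10.0.1.5 protocol="TCP" src_port=40001 dst_port=3389',
    '<132>device="SFW" date=2024-05-01 time=10:15:03 timezone="UTC" device_name="SFW-HQ" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" priority=Warning fw_rule_id=0 user_name="" src_ip=198.51.100.7 dst_ip=10.0.1.5 protocol="TCP" src_port=40002 dst_port=22',
    '<132>device="SFW" date=2024-05-01 time=10:15:04 timezone="UTC" device_name="SFW-HQ" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" priority=Warning fw_rule_id=0 user_name="" src_ip=198.51.100.7 dst_ip=10.0.1.5 protocol="TCP" src_port=40003 dst_port=445',
    '<132>device="SFW" date=2024-05-01 time=10:15:05 timezone="UTC" device_name="SFW-HQ" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" priority=Warning fw_rule_id=0 user_name="" src_ip=198.51.100.9 dst_ip=10.0.1.5 protocol="TCP" src_port=40004 dst_port=3389',
    '<134>device="SFW" date=2024-05-01 time=10:15:06 timezone="UTC" device_name="SFW-HQ" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" status="Deny" priority=Information user_name="bob" src_ip=10.0.1.21 dst_ip=198.51.100.50 url="http://malware.example/x" category="Malware"',
    '<30>device="SFW" date=2024-05-01 time=10:15:07 timezone="UTC" device_name="SFW-HQ" log_type="Event" log_component="GUI" log_subtype="Admin" status="Successful" priority=Information user_name="admin" src_ip=10.0.1.2 message="Console login"',
]


def decode_pri(line):
    """Return (facility name, severity name) from the leading <PRI> field (PRI = facility * 8 + severity)."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no syslog PRI header: %r" % line[:40])
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITY_NAMES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def parse_fields(line):
    """Parse a Device Standard Format message into a dict of its key=value fields."""
    body = PRI_RE.sub("", line, count=1)
    return {key: quoted if quoted else bare for key, quoted, bare in KV_RE.findall(body)}


def check_facility(lines, expected):
    """Return the lines whose facility differs from the one configured on the firewall.
    A non-empty result means the receiver's routing rule for `expected` will miss them."""
    return [line for line in lines if decode_pri(line)[0] != expected]


def aggregate(lines):
    """Group parsed messages by log_type, as the unified log view groups entries by module."""
    by_module = defaultdict(list)
    for line in lines:
        fields = parse_fields(line)
        by_module[fields.get("log_type", "unknown")].append(fields)
    return by_module


def denied_by_source(lines, threshold=3):
    """Count Denied firewall-rule events per source IP; return sources at or above the threshold."""
    counts = Counter(
        fields["src_ip"]
        for fields in (parse_fields(line) for line in lines)
        if fields.get("log_type") == "Firewall"
        and fields.get("log_subtype") == "Denied"
        and "src_ip" in fields
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    stray = check_facility(SAMPLE_LINES, "LOCAL0")
    print("messages not tagged LOCAL0:", [decode_pri(line) for line in stray])
    for module, events in aggregate(SAMPLE_LINES).items():
        print(f"{module}: {len(events)} events")
    print("sources with repeated denies:", denied_by_source(SAMPLE_LINES))
```

The facility check is the part worth keeping around after a change to the firewall's syslog settings: if the receiver routes on local0 and the firewall is switched to daemon, nothing breaks loudly, the messages simply land in the wrong file or are discarded.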

Notifications

Overview

Email

Configured in:
SYSTEM – Administration – Notification settings

SNMP

Configured in:
SYSTEM – Administration – SNMP

Notification list

Configured in:
CONFIGURE – System settings – Notification list
