Sophos XG Firewall Web Interface Reference and Admin Guide v16.5

627 Pages


Appendix A - Logs

Using this page, you can:

• Set Refresh Interval – Select the interval at which the logs are refreshed automatically. Select a time from the Set Refresh Interval drop-down list, or click Refresh to refresh the logs.

• De-anonymize – View the actual (de-anonymized) user identities in all logs, which are in encrypted (anonymized) form if Data Anonymization is enabled.

Note: To enable Data Anonymization, go to the Configure > System Services > Data Anonymization page.

• View logs for all modules:

System – System logs provide information about all system-related events, including VPN events.

Web Filter – Web filter logs provide web surfing details such as accessed and blocked sites, users trying to access blocked websites, and the action taken by the device (Allowed or Blocked).

Application Filter – Application filter logs provide details about applications to which access was denied by the device.

Malware – Malware logs provide information about the viruses identified by the device.

Email – Email logs provide information about the mail traffic processed by the device.

Firewall – Firewall logs provide information about how much traffic passes through a particular firewall rule and through which interfaces.

IPS – IPS logs provide information about the intrusion attempts detected/blocked by the device.

Authentication – Authentication logs provide information about all authentication events, including firewall, VPN and User Portal authentication.

Admin – Admin logs provide information about administrator events and tasks.

WAF – WAF logs provide information about HTTP/S requests and the action taken on them.

Advanced Threat Protection – ATP logs provide information related to threats detected/blocked by the device.

Security Heartbeat – Security Heartbeat logs provide information on Heartbeat connection and status.

View List of System Events

Time – Time when the event occurred.

Log Comp – Displays the log component of the system event. Log component types: HTTP, HA, central management, IPSec, L2TP, PPTP, SSL VPN, Device, DHCP Server, Interface, Gateway, DDNS, WebCat, IPS, anti-virus, quarantine, WLAN, HTTPS, guest user, protected application server, CTA, PPPoE, wireless protection, RED, ATP, SSL VPN Client, IPSec client, authentication clients, RED firmware, AP firmware and Up2Date.

Status – Successful: the event was successful. Failed: the event failed.

Username – Username of the user.

Message – Message for the type of system event.

Message ID – Message ID of the message.
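The System Events fields above lend themselves to a simple triage pass: count Failed events per log component and username and surface the pairs that repeat. The following is an added example, not part of the Sophos guide; it assumes the events are available as CSV with columns named after the fields on this page, and the sample rows, message text and message IDs are constructed placeholders rather than real device output.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. Column names follow the System Events fields on
# this page; the CSV layout, messages and IDs are placeholders (assumptions),
# not the firewall's actual export format.
SAMPLE = """Time,Log Comp,Status,Username,Message,Message ID
2017-03-01 09:00:01,SSL VPN,Failed,alice,constructed: login rejected,ID-PLACEHOLDER-1
2017-03-01 09:00:09,SSL VPN,Failed,alice,constructed: login rejected,ID-PLACEHOLDER-1
2017-03-01 09:00:17,SSL VPN,Failed,alice,constructed: login rejected,ID-PLACEHOLDER-1
2017-03-01 09:01:02,SSL VPN,Successful,alice,constructed: tunnel established,ID-PLACEHOLDER-2
2017-03-01 09:05:40,IPSec,Failed,bob,constructed: connection not established,ID-PLACEHOLDER-3
2017-03-01 09:06:00,DHCP Server,Failed,,constructed: lease not assigned,ID-PLACEHOLDER-4
2017-03-01 09:06:30,DHCP Server,Failed,,constructed: lease not assigned,ID-PLACEHOLDER-4
2017-03-01 09:07:00,DHCP Server,Failed,,constructed: lease not assigned,ID-PLACEHOLDER-4
"""

# VPN-related log components, taken from the Log Comp list on this page.
VPN_COMPONENTS = {"IPSec", "L2TP", "PPTP", "SSL VPN", "SSL VPN Client", "IPSec client"}


def failed_events(text):
    """Yield the rows whose Status column is 'Failed'."""
    for row in csv.DictReader(io.StringIO(text)):
        if row["Status"].strip().lower() == "failed":
            yield row


def repeated_failures(text, threshold=3, components=None):
    """Return {(Log Comp, Username): count} for pairs with >= threshold failures.

    If components is given, only events from those log components are counted.
    """
    counts = Counter()
    for row in failed_events(text):
        comp = row["Log Comp"].strip()
        if components is None or comp in components:
            counts[(comp, row["Username"].strip())] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = repeated_failures(SAMPLE, components=VPN_COMPONENTS)
    for (comp, user), n in sorted(hits.items()):
        print(f"{comp}: {n} failed events for user {user!r}")
```

Events with an empty Username (system components such as DHCP Server) are grouped under an empty string, so recurring non-user failures still show up when no component filter is applied.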


Key Features

  • Firewall rules
  • Web filtering
  • Intrusion prevention
  • VPN
  • Wireless management
  • Email security
  • Advanced threat protection


Frequently Asked Questions

What is the purpose of Sophos XG Firewall?
Sophos XG Firewall is a network security appliance designed to protect your network from threats.
What are the key features of Sophos XG Firewall?
Key features include firewall rules, web filtering, intrusion prevention, VPN, wireless management, email security, and advanced threat protection.
How do I access the Sophos XG Firewall web interface?
You can access the Sophos XG Firewall web interface by entering the IP address of the appliance in your web browser.
How do I configure basic firewall rules?
You can configure basic firewall rules by creating a new rule in the Firewall section of the web interface.
How do I enable web filtering?
You can enable web filtering by creating a new web filter policy in the Web section of the web interface.
What is the difference between a user rule and a network rule?
A user rule applies to a specific user, while a network rule applies to a specific network.
How do I create a VPN tunnel?
You can create a VPN tunnel by creating a new IPsec connection in the VPN section of the web interface.
