Configuring Sophos UTM to work with ProxyInspector


Getting log files can often be a challenge when you use proprietary gateways and firewalls deployed on Linux. Luckily, this is not a problem for Sophos UTM. There are two possible ways to get the log files:  

Automatic export

Sophos UTM can automatically export archived log files once daily. This option is disabled by default. To enable it, go to Logging & Reporting -> Log Settings in the management console.

Select the Remote Log File Archive tab, toggle this option ON in the upper right corner, and specify the access settings for the network resource to which Sophos UTM will export the log file archives. The path to this resource must also be specified in ProxyInspector as the path to log files.

Manual export

This option can be useful when you want to get log files created before you enabled the automatic export option. Go to Logging & Reporting -> View Log Files in the management console and select the Archived Log Files tab. ProxyInspector needs the log files of only two subsystems, Web Filtering and Firewall, so these are the ones you have to export.

Access via SSH

You can also access the log files via SSH/SCP. To enable SSH, go to Management -> System Settings -> Shell access. The log files you need are located in the /var/log/http and /var/log/packetfilter folders. Each of these folders contains subfolders of the YEAR/MONTH type, which is where the archived log files themselves are stored. By default, only the root account is cleared to access the YEAR/MONTH subfolders. The loginuser account does not have such access privileges.
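
One way to collect only the two subsystems ProxyInspector needs from the YEAR/MONTH layout described above, as an added example that is not part of the original article. The function name `collect_utm_logs`, its arguments and the destination layout are assumptions; it expects to be run as root on the UTM or against a local copy of /var/log.

```shell
#!/bin/sh
# Added example (not from the article): stage archived Web Filtering and
# Firewall logs for a range of months into an export folder.
# Assumption: SRC is /var/log on the UTM (run as root, since only root can
# read the YEAR/MONTH subfolders) or a local copy of that tree.

# collect_utm_logs SRC DEST FROM TO
#   FROM and TO are months written as YYYYMM, both inclusive.
#   Prints the number of files copied.
collect_utm_logs() {
    src=$1; dest=$2; from=$3; to=$4
    copied=0
    # Only the two subsystems ProxyInspector reads; other folders are ignored.
    for subsystem in http packetfilter; do
        for monthdir in "$src/$subsystem"/[0-9][0-9][0-9][0-9]/[0-9][0-9]; do
            [ -d "$monthdir" ] || continue      # glob matched nothing
            month=${monthdir##*/}
            yeardir=${monthdir%/*}
            year=${yeardir##*/}
            stamp=$year$month
            # Skip months outside the requested range.
            [ "$stamp" -ge "$from" ] && [ "$stamp" -le "$to" ] || continue
            target=$dest/$subsystem/$year/$month
            mkdir -p "$target" || return 1
            for f in "$monthdir"/*; do
                [ -f "$f" ] || continue         # empty folder or not a file
                cp -p "$f" "$target/" || return 1
                copied=$((copied + 1))
            done
        done
    done
    echo "$copied"
}

# Stand-alone use: script.sh SRC DEST FROM TO
if [ "$#" -eq 4 ]; then
    collect_utm_logs "$@"
fi
```

Point ProxyInspector at the DEST folder once the files have been copied there.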

Configuring ProxyInspector

In ProxyInspector, specify the path to where you export log files from Sophos UTM (you can do so in the server and domain editor in the Enterprise version, or in the Program Settings in the Standard version).

Tags: Sophos UTM, ProxyInspector, log file, Astaro