
Logging: Enhanced, Standardized Log Viewer with support for logical operators

Please implement a reader-friendly log and live log reader which will output any of the text logs to a formatted output (similar to the actual packet filter live log). It should offer the following features for viewing all types of logs:

- formatted output (as in the packet filter live log)
- colored (drop, pass, block, info and so on)
- expression filters
- possibility to filter out (not show) log entries (similar to the user portal / SMTP log, where you can hide unwanted information)

274 votes
    Sascha Paris shared this idea
    Daniel Zobel shared a merged idea: In the Web Filtering log make it so it shows color coded traffic.
    Bastien Bobe shared a merged idea: Logging: Graphical Web Security Log

    16 comments

      • Ben commented

        If the logs can be displayed the Palo Alto way, then Sophos is great to go; otherwise the logs are actually quite hard to decipher, and that would put a lot of admins off when they urgently need to filter out results or troubleshoot any issues.

      • Anonymous commented

        I currently use Checkpoint Security Gateway R70.3 and the Checkpoint-Tracker is very flexible; it is possible to filter by any kind of column (source, destination, service, port, rule, ...), making it very easy to analyze all traffic information. On the Sophos UTM I find it very difficult to analyze the logs.

      • Anonymous commented

        Need a live log in which a website accessed by a user is displayed.
        For example: user1 connected sites - googele.com

      • Patrick commented

        Since the log viewers are different within the device, align them. So have one way logs are viewed. That way they are no longer different per product.
        The mail manager has a great view, packet filter is OK, the rest is unedited text.
        The main issue is that you get everything all the time and are unable to cut and slice through it to find only what you need without using third-party tools.

      • Adrian Baxter commented

        Absolutely. The IPS and HTTP logs are difficult to read as it scrolls horizontally and nothing is aligned. You currently have to really study the log and it is easy to miss things; you should be able to see things at a glance.

      • Anonymous commented

        Yes, please implement column view and color marking possibility. It would also be great to pipe multiple logs into one window, e.g. firewall and proxy into one log window.

      • Robert commented

        I too agree with you. It's very nice at the time of troubleshooting; other UTMs already have this type of feature, so I request it of Astaro too... great.

      • Elmar Haag commented

        A "column view" is urgently needed, especially for logs with very long lines (like in the WAF or the HTTP Proxy).
        Also, the technology used (JavaScript?) for auto-scrolling breaks down every web browser if the log lines come in too fast. If you open the HTTP proxy log in an environment where MANY users are surfing, the browser will hang. This should be re-designed, too.

      • ATietjen commented

        Because I can't edit my idea, I had to write it as a comment:
        The whitelist or blacklist entry that matches should be highlighted in the live log. It will then take much less time to find out which rule is the one that makes the match.

      • addyjj commented

        I agree, opening the logs in Notepad isn't easy for reading and finding data. Maybe using a database backend to store log files with an interactive front end will make it easy to filter, read, sort and manipulate large volumes of log files.

        Thanks

      • Sascha Paris commented

        ...and it's difficult to follow some live logs such as IPS, HTTP or SMTP, because you have to scroll horizontally between the left and right corners to find the requested information. Coloring log lines and the possibility of filtering out unnecessary information would ease work with (live) logs.

      • Pieter van Stokkom commented

        Hear, hear! Browsing the logs, particularly in a bigger environment, is a pain. Time-outs occur frequently, and getting a quick overview of the data you want is hardly possible when you don't have an outside logging server.
