SGBox Next Generation SIEM & SOAR (https://www.sgbox.eu) knowledge base

Syslog configuration on Sophos Firewall
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-sophos-firewall/
Mon, 12 Jan 2026 16:49:30 +0000

Introduction

To receive logs from a Sophos appliance in SGBox, syslog forwarding must be configured on the firewall.

Example configuration

NOTE: this is only an example configuration; menu names and options may differ between Sophos Firewall versions.

Connect to your Sophos firewall system. Choose System services > Log settings and click Add.

  1. Enter a name
  2. Specify the syslog server settings (address and port of the SGBox collector that will receive the logs)
  3. Click on Save
  4. Go to Log settings and select the logs you want to send to the syslog server.

From the SGBox WebUI, download the Sophos Firewall package: SCM > Application > Packages
Historical Search
https://www.sgbox.eu/en/knowledge-base/historical-search/
Wed, 12 Mar 2025 14:01:56 +0000

Historical Search

This section is used to analyze the logs coming from each data source. You can find it in: LM > Analysis > Historical Search

Logs are stored in a database. When you search them you can use the operators "AND", "OR" and "NOT" to filter the search results.

You can choose the host/asset from which you want to extract logs and set a time range. When "case sensitive" is active, the characters entered in the search bar are matched exactly, distinguishing upper and lower case.

Special characters (wildcards) can be used in requests, as in SQL LIKE patterns.
In particular, the character '%' represents an arbitrary number of characters (including none) while the character '_' represents exactly one character. For this reason the string "Beatrice" is matched by the pattern "Bea%c_".

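The wildcard and operator semantics described above, as an added example that is not SGBox's own search code: a small evaluator that translates LIKE-style patterns ('%' and '_') into regular expressions, honours the case-sensitive switch, and combines patterns with AND, OR and NOT. The sample log lines, the operator precedence (NOT binds tightest, then AND, then OR, no parentheses) and the whole-line matching rule are assumptions for the demo; the page does not say whether SGBox matches a term against the whole field or as a substring, so here a pattern must be wrapped in '%' to be found anywhere in a line, exactly as SQL LIKE would require.

```python
import re
import shlex

# Constructed sample log lines (not taken from a real SGBox installation).
SAMPLE_LOGS = [
    "Jan 12 17:11:01 fw01 sshd[1201]: Accepted password for beatrice from 10.0.0.5",
    "Jan 12 17:11:07 fw01 sshd[1203]: Failed password for Beatrice from 10.0.0.9",
    "Jan 12 17:11:09 fw01 sshd[1204]: Failed password for root from 198.51.100.7",
    "Jan 12 17:12:15 fw02 kernel: ACCEPT IN=eth0 SRC=10.0.0.5 DST=10.0.0.20",
]


def like_to_regex(pattern: str, case_sensitive: bool) -> "re.Pattern[str]":
    """Translate an SQL LIKE-style pattern into a compiled regex.

    '%' matches any run of characters (including none), '_' exactly one
    character; everything else is escaped and matched literally.
    """
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), 0 if case_sensitive else re.IGNORECASE)


def like(pattern: str, value: str, case_sensitive: bool = True) -> bool:
    """Whole-value match, as SQL LIKE does: 'Bea%c_' matches 'Beatrice'."""
    return like_to_regex(pattern, case_sensitive).fullmatch(value) is not None


def both(left, right):
    return lambda line: left(line) and right(line)


def either(left, right):
    return lambda line: left(line) or right(line)


def compile_query(query: str, case_sensitive: bool = False):
    """Build a predicate from a query string (assumed grammar, no parentheses):

        expr   := term ( OR term )*
        term   := factor ( AND factor )*
        factor := NOT factor | pattern

    Patterns containing spaces must be quoted, e.g. "%Failed password%".
    Each pattern is matched against the whole line, so wrap it in '%' to
    find it anywhere in the line.
    """
    tokens = shlex.split(query)
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("query ended unexpectedly")
        tok = tokens[pos]
        pos += 1
        return tok

    def at(keyword):
        return pos < len(tokens) and tokens[pos].upper() == keyword

    def parse_factor():
        tok = take()
        if tok.upper() == "NOT":
            inner = parse_factor()
            return lambda line: not inner(line)
        rx = like_to_regex(tok, case_sensitive)
        return lambda line: rx.fullmatch(line) is not None

    def parse_term():
        pred = parse_factor()
        while at("AND"):
            take()
            pred = both(pred, parse_factor())
        return pred

    def parse_expr():
        pred = parse_term()
        while at("OR"):
            take()
            pred = either(pred, parse_term())
        return pred

    pred = parse_expr()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return pred


def search(lines, query, case_sensitive=False):
    """Return the lines matching the query, like one Historical Search run."""
    pred = compile_query(query, case_sensitive)
    return [line for line in lines if pred(line)]


if __name__ == "__main__":
    # Failed logins that are not for root, case-insensitive.
    for line in search(SAMPLE_LOGS, '"%Failed password%" AND NOT %root%'):
        print(line)
```

With the case-sensitive switch on, "%Bea%c_%" finds only the line containing "Beatrice"; with it off, the line with "beatrice" matches as well, which is the behaviour the switch is meant to control.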
Log decryption test
https://www.sgbox.eu/en/knowledge-base/log-decryption-test/
Wed, 24 May 2023 13:41:54 +0000

This article explains where encrypted logs are stored in SGBox and how to perform a decryption test.

First of all, you need to know that after SGBox receives the logs it stores them in the Online Database so that you can search them with the Historical Search tool (LM > Analysis > Historical Search).
Meanwhile SGBox also analyzes the logs to produce the events you can see in Class/Pattern Analysis, Templates, Dashboards, Reports, etc.
Here you can find more information on how logs are stored and their retention: data retention

The raw logs are also stored on the filesystem in encrypted form using GPG. You can see them in LM > Configuration > Encryption
On this page you can also download a specific log file and check that it cannot be read without the SGBox GPG keys.


In order to read it you need to download the GPG keys and store them in a file (read this article to learn how to do it: Export GPG key)

WINDOWS
Download and install a GPG program such as Gpg4win (https://www.gpg4win.org/). Run the program and choose Import. Select the previously exported GPG keys file.

Choose Decrypt/Verify and select your file.


Click on Save All to save the decrypted file.

LINUX
  • Import your keys:
    gpg --import < sgbox_pub.key
    gpg --import < sgbox_priv.key
  • Run the following command:
    gpg -d -q data_20200202050000_20200202055959_757.log.gpg