Astaro Security Gateway Log Analysis

Astaro Security Gateway

Cyfin is designed to work with Astaro Security Gateway. It integrates easily into your current system configuration.

Company Overview

Astaro Corporation was founded in 2000, offering solutions to simplify network security, such as Astaro Security Gateway, branch office security, log management, and an e-mail archiving cloud service. In 2011 Sophos acquired Astaro and the company's UTM appliance line to deliver coordinated protection and policies between endpoint and network to its clients, along with integrated management and reporting. Astaro Security Gateway, now Sophos UTM, is a full network security platform which includes firewall, intrusion prevention system (IPS), virtual private network (VPN), e-mail, and Web security.

Cyfin - Astaro Security Gateway Configuration

Cyfin is installed on a server, not on the Astaro appliance.

Log File Setup

Log File Type:  Astaro Security or Squid Proxy

Configuration Steps

Cyfin Syslog Server listens for syslog messages from your Astaro Security Gateway device. Both UDP-based and TCP-based messages are supported.

  1. Select the Astaro Security log file configuration in Cyfin for your Astaro Security Gateway device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.
  3. Select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your Astaro Security Gateway device to transfer the data. You may change this number if necessary.
  6. At your Astaro Security Gateway device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same Astaro Security Gateway devices, use one log file configuration with one listening port, and point each Astaro Security Gateway device to the same listening port.

NOTE:  Cyfin reads only the HTTP traffic recorded in log files. It cannot read or report on other protocols that the more recent Astaro appliance models may be capable of logging.

If your Astaro log file configurations appear as invalid in Cyfin:  We recommend configuring the Astaro syslog settings in System - Remote Syslog to only send HTTP log traffic. This will be recognized by Cyfin, and log files will be valid.

Regarding invalid log files:  You can delete or rename invalid log files, and a new one should be created. Download individual log files from the Astaro appliance by going to Local Logs - Browse. Go to HTTP Accessed Sites, and click the blue Download icon on the right side of the page. This will download the entire log for whichever day you select.

© Copyright 1996-2024 Wavecrest Computing. All Rights Reserved.
Price Quote
"We discovered that Cyfin was flexible, providing us with the details needed to make adjustments to our Policies and Bandwidth, as well as increasing employee’s productivity."

-Allen Lochamy, Atlanta Bonded Warehouse
Wavecrest Celebrating 25 years
Wavecrest Cyfin CyBlock Facebook Wavecrest Cyfin CyBlock Twitter Wavecrest Cyfin CyBlock Linkedin Wavecrest Cyfin CyBlock YouTube Wavecrest Cyfin CyBlock Knowledge Base
LEGAL PRIVACY | © Copyright 1996-2024 Wavecrest Computing. All Rights Reserved. | 321-953-5351