Remote Log File Archives

On the Logging & Reporting > Log Settings > Remote Log File Archives tab you can configure remote archiving of log files. If remote log file archiving is enabled, the log files of the past day are packed and compressed into one file, which is transferred to a remote log file storage. Using the drop-down list you can select your preferred transfer method.

To configure a remote log file archive, proceed as follows:

  1. Enable the Remote Log File Archives function.

    Click the toggle switch.

    The toggle switch turns amber and the Remote Log File Archive area becomes editable.

  2. Select the log file archiving method.

    From the drop-down list, select your preferred archiving method. Depending on your selection, the related configuration options for each archiving method will be displayed below. You can choose between the following archiving methods:

    • FTP server: The File Transfer Protocol (FTP) method needs the following parameters to be set:

      • Host: Host definition of the FTP server.
      • Service: TCP (Transmission Control Protocol) port the server is listening on.
      • Username: Username for the FTP server account.
      • Password: Password for the FTP server account.
      • Path: Remote (relative) path where the log files are stored.
    • SMB (CIFS) share: The SMB (Server Message Block) method needs the following parameters to be set:

      • Host: Host definition of the SMB server.
      • Username: Username for the SMB account.
      • Password: Password for the SMB account.

        Security Note – The password will be saved in plain text in the configuration file. It is therefore advisable to create a user/password combination that is used only for this logging purpose.

      • Share: SMB share name. Enter the path or the network share information where the log files are to be transferred to, e.g. /logs/log_file_archive.
      • Workgroup/Domain: Enter the workgroup or domain the log file archive is part of.
    • Secure Copy (SSH server): To use the SCP method (Secure Copy, from the SSH suite of computer applications for secure communication), you must add the public SSH DSA (Digital Signature Algorithm) key to the authorized keys of your SCP server. On a Linux system, you can simply cut and paste the SSH DSA key and add it to the ~/.ssh/authorized_keys file of the configured user account. During the installation, Sophos UTM creates a new SSH (Secure Shell) DSA key. For security reasons, this SSH DSA key is not included in backups. After a new installation or the installation of a backup, you must therefore store the new SSH DSA key on the remote server to be able to securely copy your log file archives to the SCP server.

      Note – Find more information on generating and uploading SSH keys under Windows on the Opengear Help Desk.

      The SCP method requires the following settings:

      • Host: Host definition for the SCP server.
      • Username: Username for the SCP server account.
      • Path: Remote (full) path where the log files should be stored.
      • Public DSA key: On the remote storage host, add the provided public DSA key to the list of authorized keys.
    • Send by email: To have the log file archive sent by email, enter a valid email address.
  3. Click Apply.

    Your settings will be saved.

    The switch turns green.

If the transfer fails, the archive will remain on Sophos UTM. During each run of the log cleaning process, Sophos UTM tries to deliver all remaining archives.
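
The SCP key step, combined with the advice above to use credentials dedicated to log archiving, as an added example that is not part of the Sophos documentation: a POSIX shell function for the SCP server that validates the pasted key and authorizes it with OpenSSH's `restrict` option. The function name, file paths and sample key are assumptions; it also assumes an OpenSSH server of version 7.2 or later that still accepts ssh-dss keys, which are disabled by default since OpenSSH 7.0.

```shell
#!/bin/sh
# Added example (not Sophos code): authorize the UTM's public DSA key for a
# dedicated archive account, limited to non-interactive use.

# install_archive_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 if the key is installed (or already present), 1 if malformed.
install_archive_key() {
    pubkey_file=$1
    auth_file=$2

    # Drop CRs from a Windows paste; require exactly one non-empty line.
    key_line=$(tr -d '\r' < "$pubkey_file" | grep .) || return 1
    [ "$(printf '%s\n' "$key_line" | grep -c .)" -eq 1 ] || return 1

    # Split "type blob [comment]" without word-splitting or globbing.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    # The page specifies a DSA key: type ssh-dss, and a blob that starts
    # with the base64 of the length-prefixed string "ssh-dss".
    [ "$key_type" = "ssh-dss" ] || return 1
    case $key_blob in
        *[!A-Za-z0-9+/=]*) return 1 ;;
        AAAAB3NzaC1kc3M*) ;;
        *) return 1 ;;
    esac

    # sshd (StrictModes) ignores keys in group- or world-writable locations.
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Idempotent: do nothing if this key blob is already authorized.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    # "restrict" (OpenSSH 7.2+) disables port, agent and X11 forwarding,
    # PTY allocation and ~/.ssh/rc; scp transfers still work.
    printf 'restrict %s\n' "$key_line" >> "$auth_file"
}
```

Run it as the dedicated archive account on the SCP server, passing the file that holds the key copied from the Public DSA key field and the path to that account's `authorized_keys` file.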