Sophos Reporter 220.127.116.11 (2019-06-27)
- Fixed URL parsing issues that resulted in URLs such as invalid://192.168.1.2blank being shown.
- IP addresses from firewall / connection / application traffic no longer clutter the 'Top Sites' sections of Dashboards and Reports.
- Improved start up time. More specifically, improved the time it takes for Elasticsearch to initialize indexes.
- Improved some stability issues between Fastvue Reporter and Elasticsearch.
- Fixed issue where Reports filtered by Security Group would not return any data.
- Added Allowed Unproductive/Unacceptable Applications to the IT and Network Security Report
- Filtering by Department and Office is now case insensitive.
- Fixed an issue where filtering on Productivity 'Equal to' Unassigned OR Uncertain would return categories that were in neither of those Productivity lists.
- Changed the default ports used for Elasticsearch to 53864 and 53964 to help prevent port conflicts when installed alongside other applications that also use Elasticsearch, such as Acronis backup.
- The ports used by Elasticsearch can now be customised using the DatabaseElasticPort and DatabaseElasticTransportTcpPort settings in Fastvue Reporter's Settings.xml. When these values are set to 0, the default ports will be used. Note, the Fastvue Reporter service must not be running when making changes to this file.
- Applications no longer show (0 - ) for traffic where no application was recorded.
- Added Sophos XG's Application Categories to the Productivity lists in Settings | Productivity. Existing installations will need to manually move these categories from the Unassigned list to the desired list in Settings | Productivity. Alternatively, stop the Fastvue Reporter service, delete the Aliases.xml file in Fastvue Reporter's data location, and restart the Fastvue Reporter service. This resets the Productivity settings to the new defaults.
- Pie charts on the Overview Dashboard now show the 'Other' series again.
- Added new fields for Log Type, Log Component and Message ID.
For Sophos XG, these are populated based on the Sophos XG log file documentation. For example, for Log ID: 010101600001:
- Log Type = Security policy
- Log Component = Firewall rule
- Message ID = 00001
- Rule = Firewall traffic allowed
- Action = Allowed
For Sophos UTM (SG), the Message ID is set to the 'id' field, Log Type is set to the 'sys' field, and Log Component is set to the 'sub' field. For example, for the log fields: id="0076" sys="SecureWeb" sub="http":
- Log Type = SecureWeb
- Log Component = http
- Message ID = 0076
- Fixed issues with trial and registrations on systems using Hijri calendar.
- Fixed issues with license keys entered in lowercase.
- Added extra debugging information to the verbose diagnostic log to help troubleshoot email/smtp issues.
- Search Terms and YouTube Video widgets are now populated when running in Demo Mode.