Support Center

Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Source IP / Mac Address on Activity Report

Nicholas Toupin Dec 05, 2016 08:04AM PST

Is there any way to get the source IP as a column on activity reports? Every time I run an activity report and find something I find myself then having to run an overview report to get the source IP of the device it came from.

Also I'm not sure if this is a possibility at all and maybe a limitation of sophos not the reporter but is it possible to get the MAC address into reports rather than just source host/ip? Host/ip is great but going back on logs there's then multiple steps to find out what device had the traffic due to DHCP leases.

Thanks

Up 0 rated Down
Fastvue Dec 05, 2016 08:23AM PST FASTVUE Agent
Hey Nicholas,

Thanks for getting in touch about this.

If you mix in an "In Subnet" filter then you should get the Source IP added as a column to your report

For example:
Origin Domain 'Equal to' google.com
AND
Source IP 'In Subnet' 192.168.1.0/24 (replace with your desired subnet(s) in CIDR notation)

Unfortunately Sophos UTM doesn't log MAC addresses so we're unable to show this in our reports.

I hope this helps! Let me know how you go.

Cheers!
Scott
Up 0 rated Down
Fastvue Dec 13, 2016 07:58AM PST FASTVUE Agent
Hey Nicholas,

Did adding the subnet filter give you the results you were looking for?

Cheers!
Scott

Post Your Public Answer

Your name (required)
Your email address (required)
Answer (required)

Contact Us

  • Post a Public Question
  • Email Us
  • Chat with us

    Call Us @ 888.885.6711
support@fastvue.co
http://assets1.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete?b_id=1647