How to get all log files on Sophos Firewall device for analysis and error handling

1.The purpose of the article

In this article, techbast will show you how to collect all the logs available on the Sophos firewall device for analysis and troubleshooting purposes.



  • Internet connection is connected at Port2 with static IP 115.78.x.x.
  • The LAN subnet is configured at Port1 with IP and has DHCP configured.
  • Finally, Computer 1 is connected to the LAN area and receives the IP from the DHCP Server as


As you know in case the device has problems such as crashes, automatic reboots, etc., we need log files to analyze the cause.

Techbast will show you how to collect all existing logs of Sophos Firewall devices.

In this tutorial Techbast will use Computer 1 to access and retrieve the log file.

4.What to do

  • Compress all log files.
  • Copy the compressed file out.


5.1.Compress all log files.

Normally all log files will be saved in the log folder.

To compress all the files in the log folder we need to access the CLI interface of the Sophos device.

On Computer 1 we have 2 ways.

First we will use Putty to SSH into the CLI interface.

For this way we need to enable SSH service on the Sophos Firewall device.

To enable logging in to the Sophos Firewall’s admin page, then go to Administration > Device Access > tick the SSH service in the LAN zone, if your computer is in the WAN zone, we tick the SSH service in the WAN zone.

Second we can use the WebUI interface to access the CLI interface.

With the second way we also need to log in to the administrative interface of Sophos Firewall.

Then we left click on the admin account in the upper left corner and click Console.

A new window will appear, press Enter and enter the password of the Sophos firewall.

After successful login we press number 5 to enter Device Management.

Then press 3 to enter Advanced Shell.

To compress all log files we use the following 2 commands:

  • cd /
  • tar -cvzf tmp/AllXGLogs.tar.gz log/*

Wait a few seconds to perform the compression.

After successful compression we can use the following command to check if the compressed file exists.

  • ls -l tmp/AllXGLogs.tar.gz

As you can see the compressed file named AllXGLogs.tar.gz has been compressed successfully, next we will use WinSCP to access the directory tree of Sophos Firewall.

On Computer 1 Techbast will turn on the WinSCP application and enter the following parameters:

  • File protocol: SFTP.
  • Host name:
  • Port number: 22.
  • User name: admin.
  • Password: enter Sophos Firewall’s password.
  • Click Login.

By default, when we access the directory tree of Sophos Firewall, we will immediately go to the tmp directory.

In the directory tree of tmp, we search for the compressed file AllXGLogs.tar.gz and drag it to the directory created at Computer 1.

As you can see, I have successfully copied the AllXGLogs.tar.gz compressed file through the Log Sophos Firewall folder at Computer 1.

Then we extract the file AllXGLogs.tar.gz and we will get all the log files of Sophos Firewall to perform the analysis.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.