Acknowledgements
Describe the bug
I have this type of log:
<30>device_name="test" timestamp="2026-05-14T10:37:35+0200" device_model="XGSxxxx" device_serial_id="xxxx" log_id="010101600001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" log_version=1 severity="Information" fw_rule_id="179" fw_rule_name="Test" fw_rule_section="Local rule" nat_rule_id="0" fw_rule_type="USER" ether_type="Unknown (0x0000)" in_interface="Lag0.5" out_interface="Lag0.30" src_mac="00:50:56:B0:2F:61" dst_mac="C8:4F:86:FC:00:11" src_ip="192.168.254.120" src_country="R1" dst_ip="172.23.3.202" dst_country="R1" protocol="UDP" src_port=56252 dst_port=161 src_zone_type="LAN" src_zone="TEST" dst_zone_type="LAN" dst_zone="TEST" con_event="Start" con_id="2058648228" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="Lag0.5" out_display_interface="Lag0.30" log_occurrence="1"
The log says that the packet is accepted log_subtype="Allowed" but UTMStack says "actionResult: denied" but it is an error.
Regression Issue
Expected Behavior
The correct parsing is to show allowed and not denied.
Current Behavior
Denied instead of allowed.
Reproduction Steps
See logs created by Sophos Firewall
Possible Solution
No response
Additional Information/Context
No response
UTMStack Version
11.2.6
Operating System and version
Ubuntu 24.04.4 LTS
Hypervisor and Version | Server Vendor and Model
Every machine
Browser and version
Every browser
Acknowledgements
Describe the bug
I have this type of log:
<30>device_name="test" timestamp="2026-05-14T10:37:35+0200" device_model="XGSxxxx" device_serial_id="xxxx" log_id="010101600001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" log_version=1 severity="Information" fw_rule_id="179" fw_rule_name="Test" fw_rule_section="Local rule" nat_rule_id="0" fw_rule_type="USER" ether_type="Unknown (0x0000)" in_interface="Lag0.5" out_interface="Lag0.30" src_mac="00:50:56:B0:2F:61" dst_mac="C8:4F:86:FC:00:11" src_ip="192.168.254.120" src_country="R1" dst_ip="172.23.3.202" dst_country="R1" protocol="UDP" src_port=56252 dst_port=161 src_zone_type="LAN" src_zone="TEST" dst_zone_type="LAN" dst_zone="TEST" con_event="Start" con_id="2058648228" hb_status="No Heartbeat" app_resolved_by="Signature" app_is_cloud="FALSE" qualifier="New" in_display_interface="Lag0.5" out_display_interface="Lag0.30" log_occurrence="1"
The log says that the packet is accepted log_subtype="Allowed" but UTMStack says "actionResult: denied" but it is an error.
Regression Issue
Expected Behavior
The correct parsing is to show allowed and not denied.
Current Behavior
Denied instead of allowed.
Reproduction Steps
See logs created by Sophos Firewall
Possible Solution
No response
Additional Information/Context
No response
UTMStack Version
11.2.6
Operating System and version
Ubuntu 24.04.4 LTS
Hypervisor and Version | Server Vendor and Model
Every machine
Browser and version
Every browser