
Export Logs/files from Sophos XG 18.X with WinSCP – Updated 2022


Learn how to export files from Sophos XG 18.X with WinSCP

Sometimes it is just easier to use an application like WinSCP to transfer logs and files from your XG device instead of messing around with CLI commands. I personally prefer to use CLI commands and not rely on third-party apps; however, in some circumstances these sorts of applications can be super handy.

Contrary to what many people think about using WinSCP to transfer files out of the latest SFOS release 18.X, this is 100% achievable just by changing the shell to “/bin/sh” in the “Advanced” options of the WinSCP application.

Setting up WinSCP:

  1. Select file protocol SCP
  2. Add hostname/IP
  3. Port: 22
  4. Password
  5. Click Advanced, edit the SCP/Shell settings, and select /bin/sh

NOTE: make sure to either open SSH or create an ACL rule under the zone you want to use SCP on, so that the connection can be established.


Once you establish the connection and try to browse into the /log directory, you will get a permission denied error.


By default, SFOS does not allow access to some directories such as /log when using the shell /bin/sh; however, there are two different approaches to work around this access limitation.


Getting access/permission to the files/logs on XG with WinSCP

To overcome this obstacle, there are two different approaches.

1 – Create a copy of the file and transfer it to the /tmp folder, since this directory is already allowed

Ex: to move the strongswan.log file. With this method it won’t be necessary to make any permission change.

In the advanced shell:

# cp /log/strongswan.log /tmp/syslog.log

2 – Change the directory permissions, using the “change mode” command.

# chmod 777 /log

NOTE: by using attribute 777 you are granting full access to the directory, so make sure you do not allow this SSH access to anyone.
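
The functions below are an added example, not part of the original post: they stage a log copy together with a SHA-256 checksum and remove it after the transfer (approach 1), and save and restore a directory's mode so it is not left at 777 (approach 2). The function names are hypothetical, and the example assumes cp, stat -c and sha256sum are available in the advanced shell.

```sh
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# functions can be tried on any Linux host; on the firewall the source would be
# a file under /log and the staging directory /tmp, as in the post.
# Assumption: cp, rm, stat -c and sha256sum exist in the advanced shell.

# Approach 1: copy a log into the staging directory and write its SHA-256
# next to it. Prints the staged path.
stage_log() {
    src=$1
    stage_dir=${2:-/tmp}
    name=$(basename "$src")
    [ -f "$src" ] || { echo "stage_log: no such file: $src" >&2; return 1; }
    cp "$src" "$stage_dir/$name" || return 1
    # Relative file name in the checksum file, so it verifies after download.
    ( cd "$stage_dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$stage_dir/$name"
}

# Check a staged (or downloaded) copy against its .sha256 file.
verify_staged() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Remove the staged copy and its checksum once the transfer is done.
unstage_log() {
    rm -f "$1" "$1.sha256"
}

# Approach 2: record the directory's mode before changing it ...
save_dir_mode() {
    stat -c '%a' "$1" > "$2"
}

# ... and restore it after the transfer instead of leaving it at 777.
restore_dir_mode() {
    chmod "$(cat "$2")" "$1" && rm -f "$2"
}
```

On the firewall, `stage_log /log/strongswan.log` stages the copy in /tmp; download the log and its .sha256 file with WinSCP, compare the hash on the workstation, then run `unstage_log /tmp/strongswan.log`.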

That’s it. This way you can easily download and upload logs and files from Sophos XG 18.X with the WinSCP client application.

Juana Melo

I'm a self-taught security network engineer and blogger, sharing everything I'm learning along the way.
