Fastvue Sophos Reporter for Web Appliance

Installation and Setup

Setup Instructions for New Installations

Sophos Reporter for Web Appliance Install launcher

1. Download and Install

Download Sophos Reporter for Web Appliance and install on a machine (or virtual machine) that meets our recommended requirements for your network size.

Fastvue Sophos Reporter is designed for 64 bit Windows Server Operating Systems running Windows Server 2008 R2 or above (will also run on Windows 7, Windows 8 or above, but a server OS is preferred). The Web Server and Application Server Roles (.NET 3.5 and IIS) will be automatically installed and configured.
Network Size Recommended Server Specification
Less than 500 Users 4 CPUs/Cores, 6 GB RAM
500 – 1000 Users 4 CPUs/Cores, 8 GB RAM
1000 – 3000 Users 8 CPUs/Cores, 12 GB RAM
3000 – 5000 Users 8 CPUs/Cores, 16 GB RAM
5000+ Users 16 CPUs/Cores, 24 GB RAM

* Virtual environments are recommended so you can scale the resources as required.

When compared to Sophos Web Appliances’ original web filtering log files, Fastvue Sophos Reporter’s database is roughly 60% of the uncompressed log file size, or 5 times the gzipped log file size. The default data retention policy is 90 days or 50 GB, whichever comes first. This can be adjusted in Settings | Data Storage.

2. Configure Syslog

Ensure Sophos Web Appliance is configured to send Syslog messages to the Fastvue Sophos Reporter machine. This is done in Configuration | System | Alerts and Monitoring | Syslog. Simply select ‘Enable syslog’ and enter the hostname or IP of the Fastvue server. Port 514 UDP and click Apply. Ensure Port 514 (or the syslog port you chose above) is not firewalled on the Fastvue Sophos Reporter machine

Note: Sophos Web Appliance only supports a single syslog server. If you are already using the syslog server, Fastvue Sophos Reporter for Web Appliance includes a syslog forwarder. You can therefore send syslog messages to the Fastvue machine, and forward the messages on to your existing syslog server.

3. Add a Source

Add the Sophos Web Appliance as a Source in Sophos Reporter. This can be done on the start page that is presented after installation, or in Settings | Sources | Add Source. You can also choose to import historical logs, or forward syslog messages at this stage.

4. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records and dates imported in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.

Backup Fastvue Sophos Reporter

1. Backup Sophos Reporter’s Data and Settings

If you want to upgrade your existing installation, we recommend backing up your existing settings and data first. This is as simple as making a full copy of the contents of Sophos Reporter’s data location, shown in Settings | Data Storage | Settings (default is C:\ProgramData\Fastvue\Sophos Reporter for Web Appliance).

Tip: Compress the backup, especially the data.fvfs folder as this can be quite large.

Backup IIS Web Config File

2. Backup Custom IIS Settings (if applicable)

If you have secured the Sophos Reporter website with IIS or applied any other custom settings in IIS directly, you should also backup the web.config file in the website’s directory (usually under c:\inetpub\wwwroot\). The installer will attempt to also backup and restore this file for you, but this is a good idea just incase there is an issue with the installation.

Sophos Reporter for Web Appliance Install launcher

3. Upgrade / Installation

Once your current environment is backed up, simply run the new installer over the top of your existing installation to upgrade. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).

Note: This process upgrades the application only. Your existing data and reports are not affected and will be available as normal after the installation. However, the Dashboard and Alerts from the previous installation will be cleared and will start rebuilding as new data is imported.

4. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records count in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.