Export logfiles before new Installation of Sophos UTM v9

Because Sophos still has no update path from version 8.306 to v9 within a UTM cluster, I need to reinstall one of the cluster nodes at my customers and restore the license file and configuration. In this procedure you lose all the log files on the device, so you would have to copy all of them manually through WebAdmin, which costs a lot of time. I will show you how to copy the files to your local Windows PC. We will use WinSCP Portable so we don’t need to install the tool. We need root rights to access the log folder, but we can’t connect directly as user root and we can’t change the user after logging in as loginuser, so the only possibility is to connect with an RSA key file.

First we will generate a public and private key with PuTTYgen. Click on “Generate” to generate a new key pair:

Now you need to move your mouse cursor over the blank area to generate a random key:

Fill in a comment and a key passphrase and save your private and public key to a secure place.

Copy the public key from the textbox below to your clipboard, paste it into “Authorized Key for root” (Management/System Settings/Shell) and press Apply.

You can also configure a new key pair for the loginuser. Connecting via SSH as loginuser and changing to root with “su” will still be available! After this we can log in via WinSCP. Fill in the hostname or IP address, enter root as the username, select your previously created private key and log in:

Type in your passphrase for your RSA key file:

You will find the log folder at “/root/var”. Just copy the whole log folder to your hard drive:
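Since the reinstall wipes the logs on the node, the local copy can be checked against a checksum manifest taken on the appliance before the node is wiped. The following is an added example, not part of the original post; it assumes `sha256sum` is available in the UTM root shell and that the manifest was produced inside the log folder with something like `find . -type f -exec sha256sum {} +`. The file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse `sha256sum` lines ('<hex>  <path>') into {relative_path: digest}."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        digest, sep, path = line[:64].lower(), line[64:66], line[66:]
        if sep not in ("  ", " *") or not path:  # text mode or binary mode marker
            raise ValueError(f"unrecognised manifest line: {line!r}")
        entries[path[2:] if path.startswith("./") else path] = digest
    return entries

def sha256_file(path):
    """Hash a file in 1 MiB blocks so large logs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_copy(manifest_text, local_root):
    """Return files missing from, differing in, or unexpected in the local copy."""
    expected = parse_manifest(manifest_text)
    seen, mismatch, extra = set(), [], []
    for dirpath, _, files in os.walk(local_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, local_root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                extra.append(rel)
            elif sha256_file(full) != expected[rel]:
                mismatch.append(rel)
    return {"missing": sorted(set(expected) - seen),
            "mismatch": sorted(mismatch), "extra": sorted(extra)}

def demo():
    """Constructed sample: one file intact, one truncated in transfer, one never copied."""
    source = {"kernel.log": b"boot ok\n", "http/access.log": b"GET / 200\n",
              "packetfilter.log": b"drop tcp\n"}
    manifest = "".join(f"{hashlib.sha256(d).hexdigest()}  ./{p}\n" for p, d in source.items())
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "http"))
        with open(os.path.join(root, "kernel.log"), "wb") as f:
            f.write(source["kernel.log"])
        with open(os.path.join(root, "http", "access.log"), "wb") as f:
            f.write(source["http/access.log"][:4])  # simulate a truncated transfer
        return verify_copy(manifest, root)
```

Log files that the running appliance is still writing to will change between the manifest and the copy and show up under `mismatch`; re-copy those or compare them after logging has stopped.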

In two days I have my next migration to UTM v9 and I will try to copy back the log files to a new UTMv9 installation. After this I will post my results here.

5 thoughts on “Export logfiles before new Installation of Sophos UTM v9”

    • Hi Robert,

      Everything here is tested before publishing those posts 🙂 Is it working? Yes! I’ve done it several times. The only thing which will not be migrated are the reports. I think they are placed in the PostgreSQL database but I haven’t tried to migrate them yet.
