
Sophos XG Pipeline Guide (Archived)

Other Solutions

Archived guide for setting up a Graylog pipeline to consume Sophos XG logs.

GaryParr

Published: 19 Sep 22:30

Last Push: 05 Nov 11:13


Comments

GaryParr 3 months ago

Hi, sorry for not responding months ago. Unfortunately, our experiment with XG and Graylog ended a while back so I do not have the environment available to reference. If I remember correctly, we used rDNS on the generic input pipeline so everything was tagged with the actual DNS host name for source.

pctsltd about 1 year ago

Hi there - I tried the above but for some reason when I created a generic pipeline for all syslog and then created a second pipeline for Sophos XG, the messages would not filter to the second pipeline, so I had to have all the steps in one pipeline for the messages to be processed. More importantly though, can you explain how you distinguish between multiple Sophos XG firewalls? When I undertake the steps you did, the "message.source" value is "device="SFW"". This is the same on all Sophos XG firewalls we have. Any ideas how to change this so the source name can be changed to identify the relevant Sophos firewall?
