Sophos XG Pipeline Guide

Other Solutions

Guide for setting up a Graylog Pipeline to consume Sophos XG logs.

GaryParr
free!

Published

19 Sep 22:30

Last Push

19 Sep 22:28


Comments

pctsltd 3 months ago

Hi there - I tried the above, but for some reason when I created a generic pipeline for all syslog and then created a second pipeline for Sophos XG, the messages would not filter to the second pipeline, so I had to have all the steps in one pipeline for the messages to be processed. More importantly though, can you explain how you distinguish between multiple Sophos XG firewalls, as when I undertake the steps you did, the "message.source" value is "device="SFW". This is the same on all Sophos XG firewalls we have. Any ideas how to change this so the source name can be changed to identify the relevant Sophos firewall?
