audhen / SophosUTM-Logastsh

Push your Sophos UTM logs into your Elasticsearch after grokking them with Logstash


Logstash Grok Pattern for Sophos UTM (9.6)

This repo contains my integration of Sophos UTM logs into ELK. To send your logs from Sophos UTM to ELK, go to: Logging & Reporting -> Log Settings -> Remote Syslog Server

Add your syslog server and syslog port (default 514). Note: Sophos UTM has no syslog TLS capability, so the logs leave the appliance in cleartext; keep the syslog path on a trusted management network.

Configure your rsyslog input

I've chosen to send all my logs to one log file. Find a sample configuration in the repo.
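Once rsyslog has written the lines to a file, the Logstash side of this pipeline is the grok step that splits each Sophos UTM message into fields. The following Python parser is an added example to show what that step has to do; it is not the grok pattern from this repo. It assumes the Sophos UTM message layout of a `YYYY:MM:DD-HH:MM:SS host program[pid]:` header followed by `key="value"` pairs, and the sample lines are constructed in that style, not captured from a real appliance. The `dropped_by_source` helper is a hypothetical aggregation of the kind the Firewall Dashboard below would chart.

```python
import re
from datetime import datetime

# Constructed sample lines in the Sophos UTM syslog style (assumption about the
# format, not taken from the repo or from a real appliance).
SAMPLE_LINES = [
    '2019:03:01-10:15:22 utm ulogd[4893]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" '
    'srcip="203.0.113.7" dstip="192.0.2.10" proto="6" srcport="51234" dstport="22" tcpflags="SYN"',
    '2019:03:01-10:15:23 utm httpproxy[5120]: id="0001" severity="info" sys="SecureWeb" '
    'sub="http" name="http access" action="pass" method="GET" srcip="192.0.2.55" '
    'dstip="198.51.100.3" url="http://example.com/" statuscode="200" size="1024"',
    '2019:03:01-10:15:24 utm ulogd[4893]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" '
    'srcip="203.0.113.7" dstip="192.0.2.10" proto="6" srcport="51235" dstport="23" tcpflags="SYN"',
]

# Header: timestamp, host, program[pid], then the free-form body.
HEADER_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) '
    r'(?P<program>[^\[\s]+)\[(?P<pid>\d+)\]: '
    r'(?P<body>.*)$'
)

# key="value" pairs; values may contain spaces (name="Packet dropped") and
# backslash-escaped quotes, so we cannot simply split on whitespace.
KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_]+)="(?P<value>(?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return a dict of fields for one Sophos UTM-style line, or None if it is malformed."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    event = {
        "timestamp": datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S"),
        "host": m.group("host"),
        "program": m.group("program"),
        "pid": int(m.group("pid")),
    }
    for kv in KV_RE.finditer(m.group("body")):
        event[kv.group("key")] = kv.group("value").replace('\\"', '"')
    return event


def dropped_by_source(lines):
    """Count packetfilter drops per source IP, skipping lines that do not parse."""
    counts = {}
    for line in lines:
        ev = parse_line(line)
        if ev and ev.get("sub") == "packetfilter" and ev.get("action") == "drop":
            counts[ev["srcip"]] = counts.get(ev["srcip"], 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_line(line)
        print(ev["program"], ev.get("sub"), ev.get("action"), ev.get("srcip"), ev.get("dstport"))
    print(dropped_by_source(SAMPLE_LINES))
```

Lines that do not match the header are returned as `None` rather than raising, which mirrors the `_grokparsefailure` tag Logstash applies; counting those failures is a cheap check that the appliance's log format has not changed after an upgrade.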

Results in Kibana

Firewall Dashboard

IPS Dashboard

Web Proxy Dashboard

VPN Dashboard

WAF Dashboard

About


License: Apache License 2.0