/SophosUTM-Logastsh

Push your Sophos UTM logs into Elasticsearch after grokking them with Logstash

Apache License 2.0

Logstash Grok Pattern for Sophos UTM (9.6)

This repo contains my integration of Sophos UTM logs into ELK. To send your logs from Sophos UTM to ELK, go to: Logging & Reporting -> Log Settings -> Remote Syslog Server

Add your syslog server and syslog port (default 514). Note: Sophos UTM has no syslog TLS capability.

Configure your Rsyslog Input

I've chosen to send all my logs to one log file. A sample configuration is in the repo.
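The lines rsyslog writes to that file are what the grok patterns have to take apart: a timestamp/host/program prefix followed by the key="value" pairs that Sophos UTM's ulogd emits. The parser below is an added example, not code from this repo, that does the same job in Python so the field split can be checked offline; the sample line is constructed, and it assumes the rsyslog template writes the UTM message without an extra syslog header in front of it.

```python
import re
from typing import Dict, List

# Constructed sample line in the ulogd key="value" layout that Sophos UTM
# sends over remote syslog (assumed layout; not taken from the repo).
SAMPLE_LINE = (
    '2019:06:01-10:15:32 utm ulogd[4711]: id="2001" severity="info" '
    'sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" '
    'fwrule="60001" initf="eth0" srcip="192.0.2.10" dstip="198.51.100.20" '
    'proto="6" length="52" srcport="51234" dstport="443" tcpflags="SYN"'
)

# Prefix: UTM timestamp (YYYY:MM:DD-HH:MM:SS), host, daemon name and pid.
PREFIX_RE = re.compile(
    r'^(?P<timestamp>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<program>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<body>.*)$'
)
# key="value" pairs; values such as name="Packet dropped" contain spaces,
# so the value is taken from inside the quotes rather than split on blanks.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Fields that should land in Elasticsearch as numbers, not strings.
NUMERIC_FIELDS = {"id", "pid", "fwrule", "proto", "length", "srcport", "dstport"}


def parse_utm_line(line: str) -> Dict[str, object]:
    """Split one Sophos UTM syslog line into a flat event dict."""
    m = PREFIX_RE.match(line)
    if not m:
        raise ValueError("line does not match the Sophos UTM syslog prefix")
    event: Dict[str, object] = m.groupdict()
    body = str(event.pop("body"))
    event["pid"] = int(str(event["pid"]))
    for key, value in KV_RE.findall(body):
        event[key] = int(value) if key in NUMERIC_FIELDS and value.isdigit() else value
    return event


def dropped_by_dstport(lines: List[str]) -> Dict[int, int]:
    """Count packetfilter drops per destination port over a batch of lines."""
    counts: Dict[int, int] = {}
    for line in lines:
        ev = parse_utm_line(line)
        if ev.get("sub") == "packetfilter" and ev.get("action") == "drop":
            port = int(str(ev.get("dstport", 0)))
            counts[port] = counts.get(port, 0) + 1
    return counts
```

Run the parser over a few lines of your own file before loading the grok patterns; any line that raises here is one Logstash would tag with a grok parse failure.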

Results in Kibana

Firewall Dashboard

IPS Dashboard

Web Proxy Dashboard

VPN Dashboard

WAF Dashboard