I'm not seeing any syslogs being collected correctly. Please advise.
SELECT sensor_type Integration_Category,
       sensor_vendor Vendor,
       COUNT(*) Records,
       CAST(CAST(SUM(upload_size)/1024.0 AS DECIMAL(10,2)) AS VARCHAR)||'KB' Data_uploaded,
       CAST(DATE_DIFF('hour',MAX(ioc_created_at), NOW()) AS VARCHAR)||' Hours ago' Last_Update,
       ioc_worker_name
FROM mdr_ioc_all
GROUP BY 1,2,6
ORDER BY 1,2,6
XG or UTM?
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Neither, sorry, I meant to post this to Sophos Central, not UTM Firewall.
Hi Martyn Umpleby,
Thank you for reaching out to the Sophos Community Forum. Can you please check if this article helps? This shows how you can integrate Cisco Firepower and Meraki with Sophos Central.
This is the guide that was followed. Is there any debugging in the Virtual Appliance VM that could help?
Just to add, I'm using Sophos Virtual Appliance.
Thank you for sharing more details. I am inquiring internally about what could be causing this. For clarification, is the OVA file configured and downloaded as described in this document? - docs.sophos.com/.../index.html
Before setting up the VM, you need to generate the appropriate OVA for the log collector. Additionally, the Cisco Meraki device needs to be configured to forward the syslogs to the Sophos OVA. Here's a Techvids video demonstrating this: https://techvids.sophos.com/share/watch/DGBMdhWcngheJGoCu7hCnt
This is just to confirm that everything has been configured correctly. I will follow up with this thread once I have more information.
Correct, those are the two guides that I've followed for the OVA - VM (Sophos Virtual Appliance),
the Syslog Meraki settings also. I've confirmed that Meraki cloud was sending correctly by setting up a 2nd separate syslog collector, and this had no issues, though I want to use Sophos to digest these logs.