Hi,
Has anybody had any luck with getting decent reports out of the XG to Splunk (Lite)? I see that you can get a Sophos plugin for Splunk enterprise, but not lite.
It would be awesome to map the country codes that the XG logs to a cluster map, but I just don't have the "Splunk" knowledge to create it, nor know if that is the right thing.
Some simple searches that I have got to Splunk are:
The searches for these from left to right:
host="192.168.1.245" category_type="*" | stats count by category
host="192.168.1.245" dst_country_code="*" | stats count by dst_country_code
host="192.168.1.245" application="*" | stats count by application
host="192.168.1.245" fw_rule_id=* status="Deny" | stats count
I need to say that the dashboard in the XG is far more powerful than what I am doing here, but I am messing around with Splunk to see what I can get out of it from the XG. If anybody else has played with Splunk and the XG, please comment some of your cool searches/dashboards.
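For anyone without Splunk who wants to see what those four searches actually compute, here is an added Python example (not from the original post, and not Sophos or Splunk code). It parses a handful of constructed lines written in the XG's key="value" syslog style and reproduces each `stats count by` search; the field names are the ones used in the searches above, while the log lines, country codes and rule ids are made up for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the XG's key="value" syslog style.
# Not real log data; values (country codes, rule ids) are invented for the example.
SAMPLE_LOGS = [
    'device="SFW" log_type="Firewall" status="Allow" fw_rule_id=2 application="HTTPS" '
    'category="Information Technology" dst_country_code="USA" dst_ip="203.0.113.10"',
    'device="SFW" log_type="Firewall" status="Allow" fw_rule_id=2 application="HTTPS" '
    'category="Information Technology" dst_country_code="IRL" dst_ip="198.51.100.7"',
    'device="SFW" log_type="Firewall" status="Deny" fw_rule_id=0 '
    'dst_country_code="CHN" dst_ip="192.0.2.44"',
    'device="SFW" log_type="Firewall" status="Deny" fw_rule_id=3 application="HTTP" '
    'category="Gambling" dst_country_code="RUS" dst_ip="192.0.2.99"',
    'device="SFW" log_type="Firewall" status="Allow" fw_rule_id=2 application="DNS" '
    'dst_country_code="USA" dst_ip="203.0.113.53"',
]

# key=value pairs; the value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one XG-style log line into a dict of field -> value (all values as strings)."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in KV_RE.finditer(line)
    }


EVENTS = [parse_line(line) for line in SAMPLE_LOGS]


def stats_count_by(events, field):
    """Equivalent of `<field>="*" | stats count by <field>`.

    Only events that carry the field are counted, which is what the
    `<field>="*"` filter in the Splunk search does.
    """
    return Counter(e[field] for e in events if field in e)


def count_denied(events):
    """Equivalent of `fw_rule_id=* status="Deny" | stats count`."""
    return sum(1 for e in events if "fw_rule_id" in e and e.get("status") == "Deny")


def run_dashboard(events=EVENTS):
    """Run all four searches from the post and return their results in one dict."""
    return {
        "by_category": stats_count_by(events, "category"),
        "by_dst_country": stats_count_by(events, "dst_country_code"),
        "by_application": stats_count_by(events, "application"),
        "denied": count_denied(events),
    }


if __name__ == "__main__":
    for name, result in run_dashboard().items():
        print(name, dict(result) if isinstance(result, Counter) else result)
```

The `by_dst_country` counter is the same table you would feed to a map panel: one row per country code with its hit count. Note that the third sample line has no `application` field, so it is left out of the application count, exactly as `application="*"` would exclude it in Splunk.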