Syslog format SFOS 19.0

Hello!

Is there a doc that describes the new syslog settings for SFOS 19.00?

Here is a real syslog entry from a Web Content policy:

device_name="XG210" device_id=XXXXXX log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" priority=Information fw_rule_id=4 fw_rule_name="LAN->WAN Autenticato" fw_rule_section="Local rule" user_name="userXXX" user_gp="Group1" iap=13 category="Information Technology" category_type="Acceptable" url="">euro02.azure-devices.net/.../websocket" contenttype="" override_token="" src_ip=192.168.4.108 dst_ip=1.1.1.1 protocol="TCP" src_port=50507 dst_port=443 sent_bytes=210 recv_bytes=227 domain=euro02.azure-devices.net exceptions= activityname="" reason="" user_agent="" status_code="101" transactionid=0b6a68bd-2608-413e-aca3-72ccb65e5528 referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id=1569846528 application="" app_is_cloud=0 override_name="" override_authorizer="" used_quota="0"

But on page 95 of "docs.sophos.com/.../sf syslog guide 18.5.pdf" there is no mention of fw_rule_name and fw_rule_section.

I cannot see any release notes for XG 19.00 that mention this.

SIEM software that uses regex to extract log information is broken by this missing information...

Thanks



Added TAGs
[edited by: emmosophos at 7:58 PM (GMT -7) on 7 Jul 2022]
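
The breakage described in the post comes from matching fields by position; reading the key=value pairs by name keeps extraction working when fields such as fw_rule_name are inserted, and lets the pipeline flag the new keys. This is an added example, not part of the original post or of Sophos documentation; the regexes, the KNOWN_FIELDS set and the shortened sample lines are constructed for illustration.

```python
import re

# Tokenizer for key=value pairs: a value is either "quoted" (may contain
# spaces) or bare (may be empty, as in `exceptions= `).
KV_RE = re.compile(r'(?<!\S)(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Position-dependent pattern of the kind that breaks when a field is inserted
# (constructed for illustration, not taken from any SIEM product).
POSITIONAL_RE = re.compile(r'fw_rule_id=(\d+) user_name="([^"]*)"')

# Assumed schema the parser was originally written against (subset).
KNOWN_FIELDS = {"device_name", "log_type", "log_subtype", "fw_rule_id",
                "user_name", "src_ip", "dst_ip", "dst_port", "exceptions",
                "status_code"}


def parse_kv(line):
    """Return every key=value pair as a dict, independent of field order."""
    fields = {}
    for match in KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def unknown_fields(fields, known=KNOWN_FIELDS):
    """Keys outside the expected schema: a signal that the format changed."""
    return sorted(set(fields) - set(known))


# Constructed sample lines, shortened from the layout shown in the post.
PREFIX = 'device_name="XG210" log_type="Content Filtering" log_subtype="Allowed" '
SUFFIX = ('user_name="userXXX" src_ip=192.168.4.108 dst_ip=1.1.1.1 '
          'dst_port=443 exceptions= status_code="101"')
LINE_OLD = PREFIX + 'fw_rule_id=4 ' + SUFFIX
LINE_NEW = (PREFIX + 'fw_rule_id=4 fw_rule_name="LAN->WAN Autenticato" '
            'fw_rule_section="Local rule" ' + SUFFIX)

if __name__ == "__main__":
    for name, line in (("old", LINE_OLD), ("new", LINE_NEW)):
        fields = parse_kv(line)
        print(name, "positional match:", bool(POSITIONAL_RE.search(line)),
              "| user_name:", fields["user_name"],
              "| unexpected keys:", unknown_fields(fields))
```

Alerting on a non-empty `unknown_fields` result after a firmware upgrade surfaces format drift before it silently drops data from detections.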
