
Log viewer suggestion

I have a suggestion for the Sophos Firewall log viewer: I would like a switch that hides fields whose value is empty or 0.

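Example (the log entry as it is shown today, followed by the same entry as it would look with empty and 0-valued fields hidden):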


messageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="27" fw_rule_name="GMail_Client2Wan" fw_rule_section="Local rule" nat_rule_id="0" nat_rule_name="" policy_type="2" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="USER-ID" user_group="Legal" web_policy_id="15" ips_policy_id="3" appfilter_policy_id="11" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="Port1" in_display_interface="Port1 - LAN" out_interface="" out_display_interface="" src_mac="USER-MAC" dst_mac="" src_ip="192.168.13.46" src_country="R1" dst_ip="142.251.37.3" dst_country="USA" protocol="UDP" src_port="49966" dst_port="443" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0" web_policy="Default Workplace Policy with Adware Block"

messageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="27" fw_rule_name="GMail_Client2Wan" fw_rule_section="Local rule" nat_rule_id="0" nat_rule_name="" policy_type="2" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="USER-ID" user_group="Legal" web_policy_id="15" ips_policy_id="3" appfilter_policy_id="11" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="Port1" in_display_interface="Port1 - LAN" out_interface="" out_display_interface="" src_mac="USER-MAC" dst_mac="" src_ip="192.168.13.46" src_country="R1" dst_ip="142.251.37.3" dst_country="USA" protocol="UDP" src_port="49966" dst_port="443" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0" web_policy="Default Workplace Policy with Adware Block"

messageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" fw_rule_id="27" fw_rule_name="GMail_Client2Wan" fw_rule_section="Local rule" policy_type="2" user="USER-ID" user_group="Legal" web_policy_id="15" ips_policy_id="3" appfilter_policy_id="11" ether_type="IPv4 (0x0800)" in_interface="Port1" in_display_interface="Port1 - LAN" src_mac="USER-MAC" dst_mac="" src_ip="192.168.13.46" src_country="R1" dst_ip="142.251.37.3" dst_country="USA" protocol="UDP" src_port="49966" dst_port="443" hb_status="No Heartbeat" appresolvedby="Signature" log_occurrence="1" web_policy="Default Workplace Policy with Adware Block"

messageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" fw_rule_id="27" fw_rule_name="GMail_Client2Wan" fw_rule_section="Local rule" policy_type="2" user="USER-ID" user_group="Legal" web_policy_id="15" ips_policy_id="3" appfilter_policy_id="11" ether_type="IPv4 (0x0800)" in_interface="Port1" in_display_interface="Port1 - LAN" src_mac="USER-MAC" dst_mac="" src_ip="192.168.13.46" src_country="R1" dst_ip="142.251.37.3" dst_country="USA" protocol="UDP" src_port="49966" dst_port="443" hb_status="No Heartbeat" appresolvedby="Signature" log_occurrence="1" web_policy="Default Workplace Policy with Adware Block"



Added TAGs
[edited by: Raphael Alganes at 2:27 AM (GMT -7) on 28 Mar 2024]