• Does anyone have a list of possible authentication failures UTM can generate?

    Daniel James1
    Hi. I am trying to use Humio to collect logs from my Sophos UTM 9 firewall. This works well except I have a wrinkle when looking at authentication failures. I can easily see authentication failures, as they are logged, however the reason for the failure…
    • over 6 years ago
    • UTM Firewall
    • General Discussion
  • Problem with Sophos IPFIX Logstash

    Jimmy Junior
    I have recently installed the newest version of ELK stack 6.0.x and I receive these errors in logstash-plain.log: `[2017-11-30T11:27:11,235][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 260 from observation domain id 1, because no…`
    • over 7 years ago
    • UTM Firewall
    • General Discussion
  • Is there a way to configure syslog to not split long log messages?

    Vitaly Karasik
    For now Sophos UTM syslog splits long log messages. Is there a way to configure syslog to not split long log messages? I'm shipping Sophos logs to my logstash server, which sends them to Elastic. I'd prefer to not deal with multi-line messages parsing…
    • Answered
    • over 7 years ago
    • UTM Firewall
    • Management, Networking, Logging and Reporting
  • ipfix.yaml file for UTM export of IPFIX flows to Logstash?

    korgull
    From /etc/logstash/conf.d/central.conf: input { type => "ipfix" } tcp { port => 4739 codec => netflow { versions => [10] target => ipfix } type => "ipfix" } } # end of input output { if [type] == "ipfix" { elasticsearch { index => "ipfix_logs-%{+YYYY…
    • over 7 years ago
    • UTM Firewall
    • Management, Networking, Logging and Reporting
  • UTM Remote logging to Logstash/Elasticsearch ELK

    bblank
    Posting this here if anyone wants to point their UTM logs to a remote logstash/elasticsearch instance. This is a working sample logstash.conf file. I pointed my remote logging to my logstash server on port 5140. This works for all of the UTM log types…
    • over 8 years ago
    • UTM Firewall
    • Management, Networking, Logging and Reporting