Hi.
I am trying to use Humio to collect logs from my Sophos UTM 9 firewall. This works well, except I have a wrinkle when looking at authentication failures. I can easily see authentication failures, as they are logged; however, the reason for the failure (bad password, unknown user, OTP verification failed, etc.) is actually recorded in a separate log entry.
I am trying to write a Humio query to search through the logs and, when it displays an authentication error, to then go and get the actual failure reason so that I can display both together rather than having to manually look for it.
The easiest way for me to do this is to simply look for a message with an authentication failure reason which happened within 5 seconds of the original error. To do this I need a list of all possible failure reasons. Does anyone have such a list? I did look in Google but couldn't find anything.
Thanks in advance.
Daniel.
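
The time-window pairing described in the post, sketched as an added example that is not part of the original post and is written in Python rather than Humio query syntax. It assumes events have already been classified as `failure` or `reason`; the tuple layout, the `correlate` name and the sample events are constructed for illustration and are not real Sophos UTM log lines.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=5)  # the 5-second window from the post

# Constructed sample events (timestamp, kind, text); not the real UTM log format.
SAMPLE = [
    ("2024-01-01T10:00:00", "failure", "authentication failure user=alice"),
    ("2024-01-01T10:00:01", "reason", "bad password"),
    ("2024-01-01T10:00:03", "failure", "authentication failure user=bob"),
    ("2024-01-01T10:00:04", "reason", "unknown user"),
    ("2024-01-01T10:05:00", "failure", "authentication failure user=carol"),
    ("2024-01-01T10:09:58", "reason", "OTP verification failed"),
    ("2024-01-01T10:10:00", "failure", "authentication failure user=dave"),
]


def correlate(events, window=WINDOW):
    """Pair each failure with the closest unused reason within `window`.

    A reason may be logged before or after its failure, so the gap is
    measured in both directions. Each reason is consumed once, so two
    failures a few seconds apart do not both claim the same reason.
    Failures with no reason inside the window are reported with None.
    """
    parsed = sorted(
        (datetime.fromisoformat(ts), kind, text) for ts, kind, text in events
    )
    reasons = [(ts, text) for ts, kind, text in parsed if kind == "reason"]
    used = set()
    result = []
    for ts, kind, text in parsed:
        if kind != "failure":
            continue
        best = None  # (gap, index into reasons, reason text)
        for i, (rts, rtext) in enumerate(reasons):
            gap = abs(rts - ts)
            if i in used or gap > window:
                continue
            if best is None or gap < best[0]:
                best = (gap, i, rtext)
        if best is None:
            result.append((text, None))
        else:
            used.add(best[1])
            result.append((text, best[2]))
    return result


if __name__ == "__main__":
    for failure, reason in correlate(SAMPLE):
        print(f"{failure} -> {reason or 'no reason within window'}")
```

Pairing on time alone can mismatch under load; if the failure and reason entries share a field such as a user name or source address, matching on that field as well as the window is more reliable.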