Security Onion Sophos Syslogs #8287

Tom109123 · 2022-07-13T12:17:49Z

Tom109123
Jul 13, 2022

Hi All,

Currently I have setup Security Onion, and I am trying to setup Sophos XG syslogging.
The issue that I am facing is that the Syslogs are flowing into Security Onion fine, however, parsing is not working correctly.

See: [https://discuss.elastic.co/t/es-7-15-filebeats-sophos-xg-module-not-separating-data-into-variables/288577]
However, I am not able to fix this issue Within SO.
All data is shown in the "message" field, and not splitup in seperate fields.

Can someone point me in the right direction?

Answered by dougburks

Jul 14, 2022

Have you tried using the Filebeat module for Sophos?
https://docs.securityonion.net/en/2.3/filebeat.html#modules
https://www.elastic.co/guide/en/beats/filebeat/7.17/filebeat-module-sophos.html

View full answer

dougburks · 2022-07-14T11:54:03Z

dougburks
Jul 14, 2022
Maintainer

Have you tried using the Filebeat module for Sophos?
https://docs.securityonion.net/en/2.3/filebeat.html#modules
https://www.elastic.co/guide/en/beats/filebeat/7.17/filebeat-module-sophos.html

0 replies

Tom109123 · 2022-07-20T11:03:26Z

Tom109123
Jul 20, 2022
Author

Thanks, Filebeat module works!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Onion Sophos Syslogs #8287

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Security Onion Sophos Syslogs #8287

Uh oh!

Uh oh!

Tom109123 Jul 13, 2022

Replies: 2 comments

Uh oh!

dougburks Jul 14, 2022 Maintainer

Uh oh!

Tom109123 Jul 20, 2022 Author

Tom109123
Jul 13, 2022

dougburks
Jul 14, 2022
Maintainer

Tom109123
Jul 20, 2022
Author