Hi all - Following the guide for Sophos XG pipeline noted here,
I get device="SFW" as the message source when the Sophos logs come into Graylog.
If I add another firewall I get the same thing.
How does one adjust the source to say something else like “Client A”, “Client B”… Can I make a change in Graylog, or is this something on the Sophos I need to adjust?
Alternatively, in the logs there is a distinguishing value, “the device ID field”.
So I wonder, is it possible to modify the device source to something meaningful like “ClientA” if the device_id field = a certain serial number, perhaps?
Anyone come across this before?