Sophos UTM 9 extractors for standard syslog fields

dscryber · March 26, 2022, 8:36pm

Sophos UTM 9 extractors for standard syslog fields

@mbunkus

Graylog extractors for Sophos UTM 9 standard syslog fields

The Sophos UTM remote syslog capabilities use a non-standard message format. Importing them into Graylog requires the use of a “Raw/plain text” input (either TCP or UDP will be fine) together with a extractors parsing the lines into the standard syslog fields.

The extractors in this repository will do the following:

Extract the fields facility , level , source , application_name and process_id (only if present in the line; e.g. it won’t be with kernel messages) and
modify the message field not to contain the fields extracted in step 1.

As the change in step 2 is destructive, the extractor named Syslog field "message" must be the last extractor in the list.

Topic		Replies	Views
Graylog Sophos UTM 9 Extractors Other Solutions other_solutions	0	1299	March 22, 2022
Extractor causing input to hang Graylog Central (peer support)	8	245	June 28, 2022
Extractor help needed Graylog Central (peer support)	2	715	March 15, 2021
Failed to parse field [EventTime] of type [date] Graylog Central (peer support) sidecar , windows , nxlog	4	1003	December 29, 2021
Handling syslog messages that are split by the source application Graylog Central (peer support)	8	447	December 9, 2023

Sophos UTM 9 extractors for standard syslog fields

Sophos UTM 9 extractors for standard syslog fields

Graylog extractors for Sophos UTM 9 standard syslog fields

Related Topics