Sophos UTM parser


Ron Rosson

Aug 20, 2015, 1:53:55 PM
to security-onion
New to using SO and have looked/searched through the list archives to see if anyone is sending their Sophos UTM logs to SO. In searching I was unable to find if anyone has written a parser for the various logs that are produced from the Sophos UTM. For starters I would like to have Firewall and IPS (snort) logs. Then move on to reverse proxy, forward proxy logs, and smtp proxy logs.

Anyone else have plans of this nature?

TIA
-Ron

Doug Burks

Aug 20, 2015, 1:58:25 PM
to securit...@googlegroups.com
Hi Ron,

You could configure your Sophos appliance to send to the syslog
collector at the nearest Security Onion sensor and then check ELSA to
see if they get parsed. If not and you need to be able to do
groupby's on particular fields, you could write your own parser(s):
https://github.com/Security-Onion-Solutions/security-onion/wiki/CustomELSAParsers
--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
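To illustrate the last step Doug describes (writing your own parser so that fields such as source IP or rule id can be grouped on), here is an added example that is not from this thread or from the Security Onion project. It assumes the key="value" layout that Sophos UTM uses for its packetfilter and IPS syslog lines; the sample lines are constructed, not captured from a real appliance, and the extracted fields are the ones an ELSA pattern would need to expose.

```python
import re
from collections import Counter

# Constructed sample lines in the key="value" style of Sophos UTM
# packetfilter (firewall) and IPS (snort) syslog output.
SAMPLE_LINES = [
    '2015:08:20-13:53:55 utm ulogd[4321]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" '
    'srcip="203.0.113.10" dstip="192.0.2.5" proto="6" srcport="51234" dstport="445" tcpflags="SYN"',
    '2015:08:20-13:53:56 utm ulogd[4321]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" '
    'srcip="203.0.113.10" dstip="192.0.2.6" proto="6" srcport="51235" dstport="445" tcpflags="SYN"',
    '2015:08:20-13:54:01 utm snort[2222]: id="2101" severity="warn" sys="SecureNet" '
    'sub="ips" name="Intrusion protection alert" action="drop" reason="TEST alert" '
    'group="500" srcip="203.0.113.10" dstip="192.0.2.5" proto="6" srcport="51236" dstport="445"',
]

# Syslog header: timestamp, host, program[pid]:  followed by key="value" pairs.
HEADER_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<prog>\w+)\[\d+\]:\s*')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return a dict of header and key/value fields, or None if the line
    does not look like a UTM syslog message (left unparsed, as ELSA would)."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # Quoted values may contain spaces (name="Packet dropped"), so split on
    # the quotes rather than on whitespace.
    fields.update(KV_RE.findall(line[m.end():]))
    return fields


def parse_lines(lines):
    return [f for f in map(parse_line, lines) if f is not None]


def count_by(records, key):
    """Group parsed records by one field, the way an ELSA groupby would."""
    return Counter(r[key] for r in records if key in r)


if __name__ == "__main__":
    recs = parse_lines(SAMPLE_LINES)
    print(count_by(recs, "srcip"))      # Counter({'203.0.113.10': 3})
    print(count_by(recs, "sub"))        # Counter({'packetfilter': 2, 'ips': 1})
```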

Ron Rosson

Aug 20, 2015, 2:26:06 PM
to security-onion
Doug,

Thanks, was looking to see if anyone else was toying with the idea before diving in and seeing what I could get done.

TIA
-Ron