This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG in ElasticSearch, Kibana, and Logstash

Hello everyone, longtime user of Astaro, Sophos UTM, and now XG. I wanted to get my XG working with an ELK stack. It was not as straightforward as I had hoped. It required multiple tweaks to index templates and logstash configurations to compensate for some of the XG syslog nuisances. Since it took me a while to get this working, I'd figured I'd share out what I did to get Sophos XG working with an ELK stack. Enjoy!

https://github.com/enigy/SophosXG-ELK

This thread was automatically locked due to age.

0 Enigy over 7 years ago

FYI, posted updates to correctly identify some fields that were either numbers or IPs.
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_D_L over 7 years ago in reply to Enigy

Thanks for your work Enigy. I will try using your configs sometime in the next week. It was on my todo list, but I've not had time to get things working yet on our ELK stack.

-Scott
Cancel
Vote Up 0 Vote Down

Cancel
0 Jameson Sweat over 7 years ago

Awesome. I just utilized your configs to get the logs passing to Elastic. Thanks for sharing!! Now to work on creating dashboards for the data.
Cancel
Vote Up 0 Vote Down

Cancel