Syslog format v18.04 is possible to update documentation?

Hi Sophos Support!

I have an XG 210 with SFOS 18.04 MR-4 and syslog forwarding (to a SIEM).

I have this log...

device="SFW" date=2021-03-07 time=17:38:39 timezone="CET" device_name="XG210" device_id=C2307XXXXXXX log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=0 fw_rule_id=6 nat_rule_id=0 policy_type=1 user_name="sistem1" user_gp="Group1" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" vlan_id="" ether_type=Unknown (0x0000) bridge_name="" bridge_display_name="" in_interface="tun0" in_display_interface="tun0" out_interface="Port1" out_display_interface="Port1.LAN" src_mac=40:00:80:06:43:79 dst_mac=45:00:00:34:B7:18 src_ip=10.82.234.6 src_country_code=R1 dst_ip=10.20.1.198 dst_country_code=R1 protocol="TCP" src_port=63873 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="VPN" srczone="VPN" dstzonetype="LAN" dstzone="LAN" dir_disp="" connevent="Start" connid="2501075584" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud=0

but in the relevant manual, https://docs.sophos.com/nsg/sophos-firewall/18.0/PDF/SFOS_Logfile_Guide_18.0.pdf, fields such as "ether_type", "vlan_id" or "dst_mac" are not mentioned under log_type "Firewall".

My SIEM (via a regex-based syslog log extractor, which I wrote) is no longer working properly after upgrading to version 18.00.

Where can I find reliable and up-to-date documentation?

Thanks!
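The key=value format quoted above does not need one hand-written regex per field; a tolerant parser that finds each `key=` boundary keeps working when the firmware adds fields the guide does not list, and can report the unknown ones for review instead of failing. The following is an added example, not code from the post or from Sophos: the sample line is a trimmed copy of the one quoted above, and the documented-field set is a constructed placeholder, not the guide's actual schema.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample: a trimmed copy of the log line quoted in the post (device id removed).
SAMPLE = ('device="SFW" date=2021-03-07 time=17:38:39 timezone="CET" device_name="XG210" '
          'log_type="Firewall" ether_type=Unknown (0x0000) vlan_id="" '
          'in_interface="tun0" src_ip=10.82.234.6 dst_ip=10.20.1.198 protocol="TCP" '
          'dst_port=443 tran_src_ip= tran_src_port=0 message="" app_is_cloud=0')

# One key=value pair. The value is either a double-quoted string (which may contain spaces
# or escaped quotes) or a bare token that runs lazily up to the next " key=" boundary or to
# end of line. The lazy match is what keeps "Unknown (0x0000)" together and lets an empty
# bare value such as "tran_src_ip=" parse as "".
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|.*?)(?=\s+\w+=|$)')


def parse_sfos_line(line: str) -> Dict[str, str]:
    """Parse an SFOS syslog line into a dict; unknown keys are kept, not rejected."""
    fields: Dict[str, str] = {}
    for m in _KV.finditer(line.strip()):
        key, raw = m.group(1), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')   # strip quotes, unescape embedded quotes
        fields[key] = raw
    return fields


# Placeholder for the field list a reader would copy from the 18.0 Logfile Guide. This set
# is constructed for the example; it deliberately omits ether_type and vlan_id, which the
# post says the guide does not mention for log_type="Firewall".
DOCUMENTED_FIREWALL_FIELDS = {
    "device", "date", "time", "timezone", "device_name", "log_type", "in_interface",
    "src_ip", "dst_ip", "protocol", "dst_port", "tran_src_ip", "tran_src_port",
    "message", "app_is_cloud",
}


def undocumented_fields(fields: Dict[str, str],
                        documented: Iterable[str] = DOCUMENTED_FIREWALL_FIELDS) -> List[str]:
    """Keys present in the event but absent from the documented schema.

    Surface these (e.g. as a SIEM alert on the parser itself) rather than letting a
    strict extractor drop or mangle the whole event."""
    return sorted(set(fields) - set(documented))


if __name__ == "__main__":
    parsed = parse_sfos_line(SAMPLE)
    print(parsed["ether_type"], repr(parsed["tran_src_ip"]))
    print("undocumented:", undocumented_fields(parsed))
```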
