Content Comparison

...

Therefore, the valid tags include:

Product / Service	Tags	Data tables
Sophos Firewall	`firewall.sophos.general.system`	`firewall.sophos.general.system`
	`firewall.sophos.securemail.smtp`	`firewall.sophos.securemail.smtp`
	`firewall.sophos.securenet.ips`	`firewall.sophos.securenet.ips`
	`firewall.sophos.securenet.packetfilter`	`firewall.sophos.securenet.packetfilter`
	`firewall.sophos.securenet.vpn`	`firewall.sophos.securenet.vpn`
	`firewall.sophos.secureweb.eplog`	`firewall.sophos.secureweb.eplog`
	`firewall.sophos.secureweb.http`	`firewall.sophos.secureweb.http`
	`firewall.sophos.system.auth`	`firewall.sophos.system.auth`
	`firewall.sophos.system.confd`	`firewall.sophos.system.confd`
	`firewall.sophos.system.eplog`	`firewall.sophos.system.eplog`
	`firewall.sophos.system.epsecd`	`firewall.sophos.system.epsecd`
	`firewall.sophos.system.ha`	`firewall.sophos.system.ha`
	`firewall.sophos.system.loadbalancing`	`firewall.sophos.system.loadbalancing`
	`firewall.sophos.system.`

misc

firewall.sophos.system.misc

firewall.sophos.system.

`red`	`firewall.sophos.system.red`
`firewall.sophos.system.up2date`	`firewall.sophos.system.up2date`
`firewall.sophos.system.wifi`	`firewall.sophos.system.wifi`
`firewall.sophos.tagged`	`firewall.sophos.tagged`
`firewall.sophos.xgfirewall` `firewall.sophos.xgfirewall.firewall` `firewall.sophos.xgfirewall.fw` `firewall.sophos.xgfirewall.event` `firewall.sophos.xgfirewall.contentfiltering` `firewall.sophos.xgfirewall.idp` `firewall.sophos.xgfirewall.systemhealth` `firewall.sophos.xgfirewall.wirelessprotection`	`firewall.sophos.xgfirewall`
`firewall.sophos.xgfirewall.contentfiltering`	`firewall.sophos.xgfirewall.contentfiltering`
`firewall.sophos.xgfirewall.event`	`firewall.sophos.xgfirewall.event`
`firewall.sophos.xgfirewall.firewall`	`firewall.sophos.xgfirewall.firewall`
`firewall.sophos.xgfirewall.idp`	`firewall.sophos.xgfirewall.idp`
`firewall.sophos.xgfirewall.systemhealth`	`firewall.sophos.xgfirewall.systemhealth`
`firewall.sophos.xgfirewall.wirelessprotection`	`firewall.sophos.xgfirewall.wirelessprotection`

For more information, read more about Devo tags.

...

Rw ui tabs macro

Rw tab

title	1-5

firewall.sophos.general.system
firewall.sophos.securemail.smtp
firewall.sophos.securenet.ips
firewall.sophos.securenet.packetfilter
firewall.sophos.securenet.vpn

Anchor
tag1
tag1
firewall.sophos.general.system

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
message	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	message	✓

Anchor
tag2
tag2
firewall.sophos.securemail.smtp

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
program2	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
srcIp	`ip4`
size	`int4`
mailFrom	`str`
to	`str`
subject	`str`
queueId	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag3
tag3
firewall.sophos.securenet.ips

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

machine

str

vmachine

serverdate

timestamp

fwname

str

program

str

pid

str

id

str

severity

str

priority

int4

sys

str

sub

str

name

str

reason

str

class

str

sid

str

generator

str

msgid

str

ipsGroup

str

srcIp

ip4

dstIp

ip4

srcPort

int4

dstPort

int4

protoStr

str

Code Block
(proto = 6) ? "TCP" : (proto = 17) ? "UDP" : (proto = 1) ? "ICMP" : null("")

proto

int4

action

str

fwrule

int4

srcIface

str

dstIface

str

srcMac

str

dstMac

str

length

int4

tos

int4

prec

int4

ttl

int4

tcpFlags

str

type

str

code

str

mark

str

app

str

unknown

str

hostchain

str

✓

tag

str

✓

rawMessage

str

rawSource

✓

Anchor
tag4
tag4
firewall.sophos.securenet.packetfilter

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

machine

str

vmachine

serverdate

timestamp

serverdate_str

str

serverdate

fwname

str

program

str

pid

str

id

str

severity

str

sys

str

sub

str

action

str

fwrule

int4

srcIp

ip4

dstIp

ip4

srcPort

int4

dstPort

int4

protoStr

str

Code Block
(proto = 6) ? "TCP" : (proto = 17) ? "UDP" : (proto = 1) ? "ICMP" : null("")

proto

int4

name

str

srcIface

str

dstIface

str

srcMac

str

dstMac

str

length

int4

tos

int4

prec

int4

ttl

int4

tcpFlags

str

type

str

code

str

mark

str

app

str

unknown

str

hostchain

str

✓

tag

str

✓

rawMessage

str

rawSource

✓

Anchor
tag5
tag5
firewall.sophos.securenet.vpn

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
event	`str`
variant	`str`
connection	`str`
username	`str`
address	`ip4`
virtIp	`ip4`
localNet	`str`	localNetStr
remoteNet	`str`	remoteNetStr
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Rw tab

title	6-10

firewall.sophos.secureweb.eplog
firewall.sophos.secureweb.http
firewall.sophos.system.auth
firewall.sophos.system.confd
firewall.sophos.system.eplog

Anchor
tag6
tag6
firewall.sophos.secureweb.eplog

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
action	`str`
srcIp	`ip4`
dstIp	`ip4`
method	`str`
user	`str`
statusCode	`int4`
cached	`int4`
profile	`str`
filterAction	`str`
reason	`str`
size	`int4`
request	`str`
url	`str`
exceptions	`str`
error	`str`
category	`str`
reputation	`str`
categoryName	`str`
serverdate2	`timestamp`
hostname2	`str`
program2	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓

Anchor
tag7
tag7
firewall.sophos.secureweb.http

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

machine

str

vmachine

serverdate

timestamp

fwname

str

program

str

pid

str

id

str

severity

str

sys

str

sub

str

name

str

action

str

srcIp

ip4

dstIp

ip4

method

str

user

str

statusCode

int4

statusCodeStr

str

Code Block

(isnull(statusCode)) ? null("") : (statusCode = 200) ? "Successful,OK" : (statusCode = 404) ? "Client error,Not found" : (statusCode = 302) ? "Redirection,Found" : (statusCode = 304) ? "Redirection,Not modified" : (statusCode = 500) ? "Server error,Internal server error" : (statusCode = 206) ? "Successful,Partial content" : (statusCode = 301) ? "Redirection,Moved permanently" : (statusCode = 204) ? "Successful,No content" : (statusCode = 502) ? "Server error,Bad gateway" : (statusCode = 401) ? "Client error,Unauthorized" : (statusCode = 501) ? "Server error,Not implemented" : (statusCode = 400) ? "Client error,Bad request" : (statusCode = 307) ? "Redirection,Temporary redirect" : (statusCode = 403) ? "Client error,Forbidden" : (statusCode = 405) ? "Client error,Method not allowed" : (statusCode = 504) ? "Server error,Gateway timeout" : (statusCode = 201) ? "Successful,Created" : (statusCode = 303) ? "Redirection,See other" : (statusCode = 503) ? "Server error,Service unavailable" : (statusCode = 414) ? "Client error,Request-URI too long" : (statusCode = 202) ? "Successful,Accepted" : "-"

statusCode

cached

int4

profile

str

filterAction

str

reason

str

size

int4

request

str

url

str

exceptions

str

error

str

authTime

int8

dnsTime

int8

catTime

int8

avScanTime

int8

fullReqTime

int8

device

str

auth

str

app

str

category

str

reputation

str

categoryName

str

contentType

str

function

str

file

str

line

int4

message

str

unknown

str

hostchain

str

✓

tag

str

✓

rawMessage

str

rawSource

✓

Anchor
tag8
tag8
firewall.sophos.system.auth

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
srcIp	`ip4`
user	`str`
reason	`str`
caller	`str`
engine	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag9
tag9
firewall.sophos.system.confd

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
function	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
srcIp	`ip4`
method	`str`
user	`str`
sid	`str`
facility	`str`
confdClient	`str`
call	`str`
lock	`str`
node	`str`
value	`str`
oldvalue	`str`
evtPid	`str`
class	`str`
type	`str`
ref	`str`
objName	`str`
version	`str`
storage	`str`
userName	`str`
release	`str`
vpnId	`str`
reason	`str`
mac	`str`
listener	`str`
oldRef	`str`
attrResolved	`str`
oldAttrResolved	`str`
attrAddr	`str`
oldAttrAddr	`str`
attrLink	`str`
oldAttrLink	`str`
attr	`str`
attrAddresses	`str`
oldAttrAddresses	`str`
attrIface	`str`
oldAttrIface	`str`
attrRasOnline	`str`
oldAttrRasOnLine	`str`
attrStatus	`str`
oldAttrStatus	`str`
attrTunnel	`str`
oldAttrTunnel	`str`
attrActiveChannels	`str`
oldAttrActiveChannels	`str`
attrLastAuth	`str`
oldAttrLastAuth	`str`
attrUsers	`str`
oldAttrUsers	`str`
attrAutoPfOut	`str`
oldAttrAutoPfOut	`str`
attrAutoPfIn	`str`
oldAttrAutoPfIn	`str`
attrMappings	`str`
oldAttrMappings	`str`
attrMembers	`str`
oldAttrMembers	`str`
attrShortcuts	`str`
oldAttrShortcuts	`str`
attrDashboardLeft	`str`
oldAttrDashboardLeft	`str`
severity2	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓

Anchor
tag10
tag10
firewall.sophos.system.eplog

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
function	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
severity2	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓

Rw tab

title	11-15

firewall.sophos.system.epsecd
firewall.sophos.system.ha
firewall.sophos.system.loadbalancing
firewall.sophos.system.red
firewall.sophos.system.up2date

Anchor
tag11
tag11
firewall.sophos.system.epsecd

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
effect	`str`
sslErr	`str`
syscallErr	`str`
severity2	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag12
tag12
firewall.sophos.system.ha

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag13
tag13
firewall.sophos.system.loadbalancing

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag14
tag14
firewall.sophos.system.red

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
redId	`str`
forced	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag15
tag15
firewall.sophos.system.up2date

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
action	`str`
status	`str`
package	`str`
packageVer	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Rw tab

title	16-20

firewall.sophos.system.wifi
firewall.sophos.xgfirewall
firewall.sophos.xgfirewall.contentfiltering
firewall.sophos.xgfirewall.event

Anchor
tag16
tag16
firewall.sophos.system.wifi

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
serverdate	`timestamp`
fwname	`str`
program	`str`
pid	`str`
id	`str`
severity	`str`
sys	`str`
sub	`str`
name	`str`
ssid	`str`
ssidId	`str`
bssid	`str`
sta	`str`
statusCode	`int4`
reasonCode	`int4`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag17
tag17
firewall.sophos.xgfirewall

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	hostchain
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
status	`str`
newversion	`str`
oldversion	`str`
priority	`str`
idp_policy_id	`str`
signature_id	`str`
signature_msg	`str`
classification	`str`
rule_priority	`str`
platform	`str`
category	`str`
target	`str`
sfmip	`str`
updatedip	`ip4`
host	`str`
client_host_name	`str`
client_physical_address	`str`
ipaddress	`ip4`
users	`int8`
Temp	`str`
Signature	`str`
Reports	`str`
Configuration	`str`
used	`int8`
free	`int8`
total_memory	`int8`
unit	`str`
idle	`str`
user	`str`
system	`str`
clients_conn_SSID	`str`
ssid	`str`
ap	`str`
receiveddrops	`float8`
transmittederrors	`float8`
collisions	`float8`
transmitteddrops	`float8`
receivederrors	`str`
transmittedkbits	`float8`
receivedkbits	`float8`
interface	`str`
message	`str`
raw_data	`str`
destination	`ip4`
duration	`int8`
fw_rule_id	`int8`
policy_type	`int8`
user_name	`str`
remotenetwork	`str`
actiononpeerdead	`str`
state	`str`
policybits	`str`
peerid	`str`
messageid	`str`
State	`str`
remoteinterfaceip	`ip4`
localnetwork	`str`
localgateway	`ip4`
localinterfaceip	`ip4`
connectiontype	`str`
connectionname	`str`
user_gp	`str`
application_filter_policy	`int8`
iap	`int8`
httpresponsecode	`str`
override_token	`str`
contenttype	`str`
url	`str`
category_type	`str`
application_name	`str`
ips_policy_id	`int8`
appfilter_policy_id	`int8`
application	`str`
application_risk	`int8`
application_technology	`str`
application_category	`str`
in_interface	`str`
out_interface	`str`
src_mac	`str`
src_ip	`ip4`
STATUS	`str`
IPSec_CONNECTION_NAME	`str`
src_country_code	`str`
dst_ip	`ip4`
dst_country_code	`str`
protocol	`str`
icmp_code	`str`
icmp_type	`str`
src_port	`int8`
dst_port	`int8`
sent_pkts	`int8`
recv_pkts	`int8`
sent_bytes	`int8`
recv_bytes	`int8`
reason	`str`
activityname	`str`
exceptions	`str`
domain	`str`
tran_src_ip	`ip4`
tran_src_port	`int8`
tran_dst_ip	`ip4`
tran_dst_port	`int8`
srczonetype	`str`
srczone	`str`
dstzonetype	`str`
dstzone	`str`
dir_disp	`str`
connevent	`str`
connid	`str`
vconnid	`str`
hb_health	`str`
timestamp	`str`
device_model	`str`
device_serial_id	`str`
log_version	`int4`
severity	`str`
nat_rule_id	`str`
fw_rule_type	`str`
user_group	`str`
web_policy_id	`int8`
app_filter_policy_id	`int8`
ether_type	`str`
dst_mac	`str`
src_country	`str`
dst_country	`str`
src_trans_ip	`ip4`
src_zone_type	`str`
src_zone	`str`
dst_zone_type	`str`
dst_zone	`str`
con_event	`str`
con_id	`int8`
hb_status	`str`
app_resolved_by	`str`
app_is_cloud	`str`
qualifier	`str`
in_display_interface	`str`
out_display_interface	`str`
http_category	`str`
http_category_type	`str`
bytes_sent	`int4`
bytes_received	`int4`
http_status	`str`
app_name	`str`
used_quota	`str`
app_risk	`int4`
app_category	`str`
client_used	`str`
auth_mechanism	`str`
start	`str`
end	`str`
user_full_name	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`		✓

Anchor
tag18
tag18
firewall.sophos.xgfirewall.contentfiltering

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
status	`str`
message	`str`
priority	`str`
fw_rule_id	`int8`
user_name	`str`
user_gp	`str`
application_filter_policy	`int8`
iap	`int8`
category	`str`
application_category	`str`
application_technology	`str`
application_risk	`int8`
application_name	`str`
category_type	`str`
url	`str`
contenttype	`str`
override_token	`str`
httpresponsecode	`str`
src_ip	`ip4`
src_country_code	`str`
dst_ip	`ip4`
dst_country_code	`str`
protocol	`str`
src_port	`int8`
dst_port	`int8`
sent_bytes	`int8`
recv_bytes	`int8`
domain	`str`
exceptions	`str`
activityname	`str`
reason	`str`
app_category	`str`
app_risk	`int4`
used_quota	`str`
http_status	`str`
bytes_sent	`int4`
bytes_received	`int4`
http_category	`str`
http_category_type	`str`
timestamp	`str`
device_model	`str`
device_serial_id	`str`
log_version	`int4`
severity	`str`
user_group	`str`
web_policy_id	`int8`
con_id	`int8`
app_name	`str`
app_is_cloud	`str`
src_zone_type	`str`
src_zone	`str`
dst_zone_type	`str`
dst_zone	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	message	✓

Anchor
tag19
tag19
firewall.sophos.xgfirewall.event

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
status	`str`
newversion	`str`
oldversion	`str`
priority	`str`
sfmip	`str`
remotenetwork	`str`
actiononpeerdead	`str`
state	`str`
policybits	`str`
peerid	`str`
messageid	`str`
State	`str`
remoteinterfaceip	`ip4`
localnetwork	`str`
localgateway	`ip4`
localinterfaceip	`ip4`
connectiontype	`str`
connectionname	`str`
user_name	`str`
STATUS	`str`
IPSec_CONNECTION_NAME	`str`
src_ip	`ip4`
reason	`str`
updatedip	`ip4`
host	`str`
client_host_name	`str`
client_physical_address	`str`
ipaddress	`ip4`
interface	`str`
destination	`ip4`
message	`str`
start	`str`
end	`str`
user_full_name	`str`
client_used	`str`
auth_mechanism	`str`
app_name	`str`
timestamp	`str`
device_model	`str`
device_serial_id	`str`
log_version	`int4`
severity	`str`
user_group	`str`
src_country	`str`
protocol	`str`
raw_data	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	message	✓

Rw tab

title	21-24

firewall.sophos.xgfirewall.firewall
firewall.sophos.xgfirewall.idp
firewall.sophos.xgfirewall.systemhealth
firewall.sophos.xgfirewall.wirelessprotection

Anchor
tag21
tag21
firewall.sophos.xgfirewall.firewall

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	hostchain
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
status	`str`
priority	`str`
duration	`int8`
fw_rule_id	`int8`
policy_type	`int8`
user_name	`str`
user_gp	`str`
iap	`int8`
ips_policy_id	`int8`
appfilter_policy_id	`int8`
application	`str`
application_risk	`int8`
application_technology	`str`
application_category	`str`
in_interface	`str`
out_interface	`str`
src_mac	`str`
src_ip	`ip4`
src_country_code	`str`
dst_ip	`ip4`
dst_country_code	`str`
protocol	`str`
icmp_code	`str`
icmp_type	`str`
src_port	`int8`
dst_port	`int8`
sent_pkts	`int8`
recv_pkts	`int8`
sent_bytes	`int8`
recv_bytes	`int8`
tran_src_ip	`ip4`
tran_src_port	`int8`
tran_dst_ip	`ip4`
tran_dst_port	`int8`
srczonetype	`str`
srczone	`str`
dstzonetype	`str`
dstzone	`str`
dir_disp	`str`
connevent	`str`
connid	`str`
vconnid	`str`
timestamp	`str`
device_model	`str`
device_serial_id	`str`
log_version	`int4`
severity	`str`
nat_rule_id	`str`
fw_rule_type	`str`
ether_type	`str`
src_country	`str`
hb_status	`str`
message	`str`
app_resolved_by	`str`
app_is_cloud	`str`
qualifier	`str`
in_display_interface	`str`
hb_health	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`		✓

Anchor
tag22
tag22
firewall.sophos.xgfirewall.idp

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	hostchain
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
priority	`str`
idp_policy_id	`str`
fw_rule_id	`int8`
policy_type	`int8`
user_name	`str`
signature_id	`str`
signature_msg	`str`
classification	`str`
rule_priority	`str`
src_ip	`ip4`
src_country_code	`str`
dst_ip	`ip4`
dst_country_code	`str`
protocol	`str`
src_port	`int8`
dst_port	`int8`
platform	`str`
category	`str`
target	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`		✓

Anchor
tag23
tag23
firewall.sophos.xgfirewall.systemhealth

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
priority	`str`
users	`int8`
Temp	`str`
Signature	`str`
Reports	`str`
Configuration	`str`
used	`int8`
free	`int8`
total_memory	`int8`
unit	`str`
idle	`str`
user	`str`
system	`str`
interface	`str`
receivedkbits	`float8`
transmittedkbits	`float8`
receivederrors	`str`
transmitteddrops	`float8`
collisions	`float8`
transmittederrors	`float8`
receiveddrops	`float8`
unknown	`str`		✓
hostchain	`str`		✓
tag	`str`		✓

Anchor
tag24
tag24
firewall.sophos.xgfirewall.wirelessprotection

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`	vmachine
time	`str`
timezone	`str`
device_name	`str`
device_id	`str`
log_id	`str`
log_type	`str`
log_component	`str`
log_subtype	`str`
priority	`str`
ap	`str`
ssid	`str`
clients_conn_SSID	`str`
unknown	`str`		✓
hostchain	`str`		✓
tag	`str`		✓

Version	Old Version 6	New Version Current
Changes made by	Juan Tomás Alonso Nieto	Scott Bronkema
Saved on	Sept 05, 2023	Feb 10, 2025

Versions Compared

Key

Anchor
tag1
tag1
firewall.sophos.general.system

Anchor
tag2
tag2
firewall.sophos.securemail.smtp

Anchor
tag3
tag3
firewall.sophos.securenet.ips

Anchor
tag4
tag4
firewall.sophos.securenet.packetfilter

Anchor
tag5
tag5
firewall.sophos.securenet.vpn

Anchor
tag6
tag6
firewall.sophos.secureweb.eplog

Anchor
tag7
tag7
firewall.sophos.secureweb.http

Anchor
tag8
tag8
firewall.sophos.system.auth

Anchor
tag9
tag9
firewall.sophos.system.confd

Anchor
tag10
tag10
firewall.sophos.system.eplog

Anchor
tag11
tag11
firewall.sophos.system.epsecd

Anchor
tag12
tag12
firewall.sophos.system.ha

Anchor
tag13
tag13
firewall.sophos.system.loadbalancing

Anchor
tag14
tag14
firewall.sophos.system.red

Anchor
tag15
tag15
firewall.sophos.system.up2date

Anchor
tag16
tag16
firewall.sophos.system.wifi

Anchor
tag17
tag17
firewall.sophos.xgfirewall

Anchor
tag18
tag18
firewall.sophos.xgfirewall.contentfiltering

Anchor
tag19
tag19
firewall.sophos.xgfirewall.event

Anchor
tag21
tag21
firewall.sophos.xgfirewall.firewall

Anchor
tag22
tag22
firewall.sophos.xgfirewall.idp

Anchor
tag23
tag23
firewall.sophos.xgfirewall.systemhealth

Anchor
tag24
tag24
firewall.sophos.xgfirewall.wirelessprotection

Content Comparison

Versions Compared

Key

Anchortag1tag1firewall.sophos.general.system

Anchortag2tag2firewall.sophos.securemail.smtp

Anchortag3tag3firewall.sophos.securenet.ips

Anchortag4tag4firewall.sophos.securenet.packetfilter

Anchortag5tag5firewall.sophos.securenet.vpn

Anchortag6tag6firewall.sophos.secureweb.eplog

Anchortag7tag7firewall.sophos.secureweb.http

Anchortag8tag8firewall.sophos.system.auth

Anchortag9tag9firewall.sophos.system.confd

Anchortag10tag10firewall.sophos.system.eplog

Anchortag11tag11firewall.sophos.system.epsecd

Anchortag12tag12firewall.sophos.system.ha

Anchortag13tag13firewall.sophos.system.loadbalancing

Anchortag14tag14firewall.sophos.system.red

Anchortag15tag15firewall.sophos.system.up2date

Anchortag16tag16firewall.sophos.system.wifi

Anchortag17tag17firewall.sophos.xgfirewall

Anchortag18tag18firewall.sophos.xgfirewall.contentfiltering

Anchortag19tag19firewall.sophos.xgfirewall.event

Anchortag21tag21firewall.sophos.xgfirewall.firewall

Anchortag22tag22firewall.sophos.xgfirewall.idp

Anchortag23tag23firewall.sophos.xgfirewall.systemhealth

Anchortag24tag24firewall.sophos.xgfirewall.wirelessprotection

Anchor
tag1
tag1
firewall.sophos.general.system

Anchor
tag2
tag2
firewall.sophos.securemail.smtp

Anchor
tag3
tag3
firewall.sophos.securenet.ips

Anchor
tag4
tag4
firewall.sophos.securenet.packetfilter

Anchor
tag5
tag5
firewall.sophos.securenet.vpn

Anchor
tag6
tag6
firewall.sophos.secureweb.eplog

Anchor
tag7
tag7
firewall.sophos.secureweb.http

Anchor
tag8
tag8
firewall.sophos.system.auth

Anchor
tag9
tag9
firewall.sophos.system.confd

Anchor
tag10
tag10
firewall.sophos.system.eplog

Anchor
tag11
tag11
firewall.sophos.system.epsecd

Anchor
tag12
tag12
firewall.sophos.system.ha

Anchor
tag13
tag13
firewall.sophos.system.loadbalancing

Anchor
tag14
tag14
firewall.sophos.system.red

Anchor
tag15
tag15
firewall.sophos.system.up2date

Anchor
tag16
tag16
firewall.sophos.system.wifi

Anchor
tag17
tag17
firewall.sophos.xgfirewall

Anchor
tag18
tag18
firewall.sophos.xgfirewall.contentfiltering

Anchor
tag19
tag19
firewall.sophos.xgfirewall.event

Anchor
tag21
tag21
firewall.sophos.xgfirewall.firewall

Anchor
tag22
tag22
firewall.sophos.xgfirewall.idp

Anchor
tag23
tag23
firewall.sophos.xgfirewall.systemhealth

Anchor
tag24
tag24
firewall.sophos.xgfirewall.wirelessprotection