utm.sophos
Introduction
The tags beginning with utm.sophos identify events generated by Sophos UTM services.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as utm.sophos. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Sophos UTM | | |
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
utm.sophos.system
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
host | | vhost | |
serverdate | | | |
fwname | | | |
msg_source | | | |
serverdate_2 | | | |
remote_logname | | | |
PID | | | |
TID | | | |
client_ip | | | |
message | | | |
file | | | |
line | | | |
id | | | |
rev | | | |
msg | | | |
data | | | |
severity | | | |
ver | | | |
maturity | | | |
accuracy | | | |
tags | | | |
hostname | | | |
uri | | | |
unique_id | | | |
hostchain | | | ✓ |
tag | | | ✓ |