
utm.sophos

Introduction

The tags beginning with utm.sophos identify events generated by Sophos UTM services.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as utm.sophos. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Sophos UTM | utm.sophos.system | utm.sophos.system |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

utm.sophos.system

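| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| host | str | vhost | |
| serverdate | timestamp | | |
| fwname | str | | |
| msg_source | str | | |
| serverdate_2 | str | | |
| remote_logname | str | | |
| PID | str | | |
| TID | str | | |
| client_ip | ip4 | | |
| message | str | | |
| file | str | | |
| line | int4 | | |
| id | int4 | | |
| rev | str | | |
| msg | str | | |
| data | str | | |
| severity | str | | |
| ver | str | | |
| maturity | int4 | | |
| accuracy | int4 | | |
| tags | str | | |
| hostname | str | | |
| uri | str | | |
| unique_id | str | | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |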