logstash-utm

Logstash configuration and templates to parse Sophos UTM logs.

Supported log types

At this point only the packet filter and web filter (http*.log) log types are supported.

Usage

  • Install Logstash
  • Install Elasticsearch
  • Unpack your UTM logs into the input/ sub-directory.
  • Run make. Logstash starts, works through all files already present in input/ and then waits for new ones.

Syslog Pipe

A syslog pipe can be set up by replacing the file input of the current configuration with the syslog input plugin. The UTM can then be configured to push its logs directly to Logstash, which allows real-time analytics.
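As an added example, not configuration from the logstash-utm repository, the pipeline below swaps the file input for the syslog input and splits the UTM lines into fields; the listen port, the Elasticsearch address, the index name and the key="value" layout assumed for UTM packet filter and http log lines are assumptions.

```conf
# Added example (not part of logstash-utm): syslog input in place of the
# repository's file input, so a UTM pointed at this host streams events live.
input {
  syslog {
    # Assumed listen address/port. The syslog input defaults to 0.0.0.0:514;
    # binding a port below 1024 needs root or CAP_NET_BIND_SERVICE, so a high
    # port is used here and the UTM's remote syslog target must match it.
    host => "0.0.0.0"
    port => 5514
    type => "utm"
  }
}

filter {
  # Assumed layout: UTM packetfilter/http lines are key="value" pairs, e.g.
  #   sub="packetfilter" action="drop" srcip="..." dstip="..." dstport="..."
  # The kv filter splits them into fields under [utm]; quoted values are kept whole.
  kv {
    source      => "message"
    field_split => " "
    value_split => "="
    target      => "utm"
  }
  # Only the two subsystems this configuration supports are kept.
  if [utm][sub] not in ["packetfilter", "http"] {
    drop { }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed local Elasticsearch
    index => "utm-%{+YYYY.MM.dd}"        # assumed index name
  }
}
```

The syslog input parses the RFC 3164 header itself, so @timestamp and the sending host come from the UTM's own syslog frame rather than from the file mtime.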