Hi, everyone
I have found some dissect parsing errors using the Sonicwall module of Filebeat 7.9.2. Here are some examples:
Feb 11 07:31:35 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:31:35 UTC" fw=<my-ip> pri=6 m=805 msg="Interface statistics report" n=1047533 if=U1 ucastRx=0 bcastRx=0 bytesRx=0 ucastTx=0 bcastTx=0 bytesTx=0
Feb 11 07:32:58 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:32:58 UTC" fw=<my-ip> pri=6 c=1024 m=537 msg="Connection Closed" app=49193 appName='General SNMP' n=201092856 src=<another-ip>:58911:X6 dst=<another-ip>:161:X2 srcMac=<another-mac> proto=udp/161 sent=107 rcvd=118 spkt=1 rpkt=1 dpi=1 cdur=30116 vpnpolicy="<policy>" rule="760 (SSGG->VPN)" fw_action="NA"
Feb 11 07:32:57 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:32:57 UTC" fw=<my-ip> pri=6 c=262144 m=98 msg="Connection Opened" app=49201 appName='General TCP' n=199545631 src=<another-ip>:58927:X0 dst=<another-ip>:6180:X1 proto=tcp/6180 sent=52 dpi=0 vpnpolicy="<policy>" fw_action="NA"
Sometimes, parsing is correct, for instance:
Feb 11 07:32:58 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:32:58 UTC" fw=<my-ip> pri=6 c=262144 m=98 msg="Connection Opened" app=6818 n=199545889 src=<another-ip>:62679:X9 dst=<another-ip>:53:X0 dstMac=<another-mac> proto=udp/dns sent=63 dpi=1 rule="164" fw_action="NA"
Which Sonicwall models are supported? Is it necessary to configure anything on Sonicwall before sending information by Syslog?
Thanks in advance,
Update
I have created an issue on GitHub: Issue #24124
Rodrigo
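One way to triage lines like the ones in the post is to tokenize the key=value pairs and compare each failing line's field set and quoting against the line that parsed correctly. This is an added example, not part of the original post and not Filebeat code. It does not reproduce the module's dissect pattern or identify the cause of the errors, and the names `parse_kv` and `diff_fields` are hypothetical.

```python
import re

# One key=value pair: the value is "double quoted", 'single quoted', or a bare token.
PAIR = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S*)""")

# Lines copied from the post above, placeholders kept as posted.
PARSED_OK = '''Feb 11 07:32:58 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:32:58 UTC" fw=<my-ip> pri=6 c=262144 m=98 msg="Connection Opened" app=6818 n=199545889 src=<another-ip>:62679:X9 dst=<another-ip>:53:X0 dstMac=<another-mac> proto=udp/dns sent=63 dpi=1 rule="164" fw_action="NA"'''
FAILED = {
    "m=805": '''Feb 11 07:31:35 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:31:35 UTC" fw=<my-ip> pri=6 m=805 msg="Interface statistics report" n=1047533 if=U1 ucastRx=0 bcastRx=0 bytesRx=0 ucastTx=0 bcastTx=0 bytesTx=0''',
    "m=537": '''Feb 11 07:32:58 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:32:58 UTC" fw=<my-ip> pri=6 c=1024 m=537 msg="Connection Closed" app=49193 appName='General SNMP' n=201092856 src=<another-ip>:58911:X6 dst=<another-ip>:161:X2 srcMac=<another-mac> proto=udp/161 sent=107 rcvd=118 spkt=1 rpkt=1 dpi=1 cdur=30116 vpnpolicy="<policy>" rule="760 (SSGG->VPN)" fw_action="NA"''',
    "m=98": '''Feb 11 07:32:57 _gateway id=firewall sn=<serial-number> time="2021-02-11 06:32:57 UTC" fw=<my-ip> pri=6 c=262144 m=98 msg="Connection Opened" app=49201 appName='General TCP' n=199545631 src=<another-ip>:58927:X0 dst=<another-ip>:6180:X1 proto=tcp/6180 sent=52 dpi=0 vpnpolicy="<policy>" fw_action="NA"''',
}


def parse_kv(line):
    """Return ({key: value}, {keys whose value was single-quoted})."""
    fields, single = {}, set()
    for key, raw in PAIR.findall(line):
        # Strip matching quotes and remember which keys used single quotes.
        if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
            if raw[0] == "'":
                single.add(key)
            raw = raw[1:-1]
        fields[key] = raw
    return fields, single


def diff_fields(reference, line):
    """Compare one line's keys and quoting with a line known to parse."""
    ref, _ = parse_kv(reference)
    got, single = parse_kv(line)
    return {
        "extra": sorted(got.keys() - ref.keys()),
        "missing": sorted(ref.keys() - got.keys()),
        "single_quoted": sorted(single),
    }


if __name__ == "__main__":
    for name, line in FAILED.items():
        print(name, diff_fields(PARSED_OK, line))
```

The per-line differences it prints (fields absent from the reference, fields the reference has that the line lacks, single-quoted values) are the details worth attaching to a bug report against the module.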