# Module: sophos
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-sophos.html

- module: sophos
  xg:
    enabled: true

    # Set which input to use between tcp, udp (default) or file.
    #var.input: udp

    # The interface to listen to syslog traffic. Defaults to
    # localhost. Set to 0.0.0.0 to bind to all available interfaces.
    #var.syslog_host: localhost

    # The port to listen for syslog traffic. Defaults to 9004.
    #var.syslog_port: 9005

    # firewall default hostname
    #var.default_host_name: firewall.localgroup.local

    # known firewalls
    #var.known_devices:
      #- serial_number: "1234567890123457"
      #  hostname: "a.host.local"
      #- serial_number: "1234234590678557"
      #  hostname: "b.host.local"


  utm:
    enabled: true

    # Set which input to use between udp (default), tcp or file.
    # var.input: udp
    # var.syslog_host: localhost
    # var.syslog_port: 9533

    # Set paths for the log files when file input is used.
    # var.paths:

    # Toggle output of non-ECS fields (default true).
    # var.rsa_fields: true

    # Set custom timezone offset.
    # "local" (default) for system timezone.
    # "+02:00" for GMT+02:00
    # var.tz_offset: local