[Filebeat][SophosXG Module] Renaming module and fileset (elastic#20396)

renaming sophosxg module to sophos, and renaming fileset to better support future filesets

(cherry picked from commit 778a92f)

filebeat/docs/modules/sophosxg.asciidoc → filebeat/docs/modules/sophos.asciidoc

@@ -2,15 +2,15 @@
 This file is generated! See scripts/docs_collector.py
 ////
 
-[[filebeat-module-sophosxg]]
+[[filebeat-module-sophos]]
 [role="xpack"]
 
-:modulename: sophosxg
+:modulename: sophos
 :has-dashboards: false
 
-== SophosXG module
+== Sophos module
 
-This is a module for SophosXG SFOS logs sent in the syslog format.
+This is a module for Sophos Products, currently it supports XG SFOS logs sent in the syslog format.
 
 To configure a remote syslog destination, please reference the https://community.sophos.com/kb/en-us/123184[SophosXG/SFOS Documentation].
 
@@ -21,27 +21,34 @@ include::../include/gs-link.asciidoc[]
 [float]
 === Compatibility
 
-This module has been tested against SFOS version 17.5.x and 18.0.x. 
+This module has been tested against SFOS version 17.5.x and 18.0.x.
 Versions above this are expected to work but have not been tested.
 
 include::../include/configuring-intro.asciidoc[]
 
-:fileset_ex: firewall
+:fileset_ex: xg
 
 include::../include/config-option-intro.asciidoc[]
 
 [float]
-==== `firewall` fileset settings
+==== `xg` fileset settings
+
+The Sophos XG firewalls do not include hostname in either the syslog header or body, and the only unique identifier for each firewall is the related serial number.
+
+Below you will see an example configuration file, that sets the default hostname (if no serial number is included in the config file), and example on how to map serial numbers to a hostname
 
 [source,yaml]
 ----
-- module: sophosxg
-  firewall:
+- module: sophos
+  xg:
     enabled: true
     var.input: udp
     var.syslog_host: 0.0.0.0
     var.syslog_port: 9005
-    var.host_name: firewall.localgroup.local
+    var.default_host_name: firewall.localgroup.local
+    var.known_devices:
+       "1234567890123457": "a.host.local"
+       "1234234590678557": "b.host.local"
 ----
 
 include::../include/var-paths.asciidoc[]
@@ -68,7 +75,7 @@ Default to `firewall.localgroup.local`
 [float]
 ==== SophosXG ECS fields
 
-This is a list of FortiOS fields that are mapped to ECS.
+This is a list of SophosXG fields that are mapped to ECS.
 
 [options="header"]
 |==============================================================
@@ -139,5 +146,5 @@ This is a list of FortiOS fields that are mapped to ECS.
 === Fields
 
 For a description of each field in the module, see the
-<<exported-fields-sophosxg,exported fields>> section.
+<<exported-fields-sophos,exported fields>> section.
 

filebeat/docs/modules_list.asciidoc

@@ -55,7 +55,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-module-redis>>
   * <<filebeat-module-santa>>
   * <<filebeat-module-sonicwall>>
-  * <<filebeat-module-sophosxg>>
+  * <<filebeat-module-sophos>>
   * <<filebeat-module-squid>>
   * <<filebeat-module-suricata>>
   * <<filebeat-module-system>>
@@ -121,7 +121,7 @@ include::modules/rapid7.asciidoc[]
 include::modules/redis.asciidoc[]
 include::modules/santa.asciidoc[]
 include::modules/sonicwall.asciidoc[]
-include::modules/sophosxg.asciidoc[]
+include::modules/sophos.asciidoc[]
 include::modules/squid.asciidoc[]
 include::modules/suricata.asciidoc[]
 include::modules/system.asciidoc[]

x-pack/filebeat/filebeat.reference.yml

@@ -1340,9 +1340,9 @@ filebeat.modules:
     # "+02:00" for GMT+02:00
     # var.tz_offset: local
 
-#------------------------------- Sophosxg Module -------------------------------
-- module: sophosxg
-  firewall:
+#-------------------------------- Sophos Module --------------------------------
+- module: sophos
+  xg:
     enabled: true
 
     # Set which input to use between tcp, udp (default) or file.
@@ -1355,9 +1355,9 @@ filebeat.modules:
     # The port to listen for syslog traffic. Defaults to 9004.
     #var.syslog_port: 9005
 
-    # firewall default hostanme 
+    # firewall default hostname
     #var.default_host_name: firewall.localgroup.local
-    
+
     # known firewalls
     #var.known_devices:
     #   "device1_serialnumber": "a.host.local"

x-pack/filebeat/module/sophosxg/_meta/config.yml → x-pack/filebeat/module/sophos/_meta/config.yml

@@ -1,5 +1,5 @@
-- module: sophosxg
-  firewall:
+- module: sophos
+  xg:
     enabled: true
 
     # Set which input to use between tcp, udp (default) or file.
@@ -12,9 +12,9 @@
     # The port to listen for syslog traffic. Defaults to 9004.
     #var.syslog_port: 9005
 
-    # firewall default hostanme 
+    # firewall default hostname
     #var.default_host_name: firewall.localgroup.local
-    
+
     # known firewalls
     #var.known_devices:
     #   "device1_serialnumber": "a.host.local"

x-pack/filebeat/module/sophosxg/_meta/docs.asciidoc → x-pack/filebeat/module/sophos/_meta/docs.asciidoc

@@ -1,11 +1,11 @@
 [role="xpack"]
 
-:modulename: sophosxg
+:modulename: sophos
 :has-dashboards: false
 
-== SophosXG module
+== Sophos module
 
-This is a module for SophosXG SFOS logs sent in the syslog format.
+This is a module for Sophos Products, currently it supports XG SFOS logs sent in the syslog format.
 
 To configure a remote syslog destination, please reference the https://community.sophos.com/kb/en-us/123184[SophosXG/SFOS Documentation].
 
@@ -16,27 +16,34 @@ include::../include/gs-link.asciidoc[]
 [float]
 === Compatibility
 
-This module has been tested against SFOS version 17.5.x and 18.0.x. 
+This module has been tested against SFOS version 17.5.x and 18.0.x.
 Versions above this are expected to work but have not been tested.
 
 include::../include/configuring-intro.asciidoc[]
 
-:fileset_ex: firewall
+:fileset_ex: xg
 
 include::../include/config-option-intro.asciidoc[]
 
 [float]
-==== `firewall` fileset settings
+==== `xg` fileset settings
+
+The Sophos XG firewalls do not include hostname in either the syslog header or body, and the only unique identifier for each firewall is the related serial number.
+
+Below you will see an example configuration file, that sets the default hostname (if no serial number is included in the config file), and example on how to map serial numbers to a hostname
 
 [source,yaml]
 ----
-- module: sophosxg
-  firewall:
+- module: sophos
+  xg:
     enabled: true
     var.input: udp
     var.syslog_host: 0.0.0.0
     var.syslog_port: 9005
-    var.host_name: firewall.localgroup.local
+    var.default_host_name: firewall.localgroup.local
+    var.known_devices:
+       "1234567890123457": "a.host.local"
+       "1234234590678557": "b.host.local"
 ----
 
 include::../include/var-paths.asciidoc[]
@@ -63,7 +70,7 @@ Default to `firewall.localgroup.local`
 [float]
 ==== SophosXG ECS fields
 
-This is a list of FortiOS fields that are mapped to ECS.
+This is a list of SophosXG fields that are mapped to ECS.
 
 [options="header"]
 |==============================================================

x-pack/filebeat/module/sophosxg/_meta/fields.yml → x-pack/filebeat/module/sophos/_meta/fields.yml

@@ -1,9 +1,9 @@
-- key: sophosxg
-  title: "sophosxg"
+- key: sophos
+  title: "sophos"
   description: >
-    sophosxg Module
+    sophos Module
   fields:
-    - name: sophosxg
+    - name: sophos
       type: group
       description: >
       fields: