Sawmill for Ironport 7.3.3 - Adding database field
We've recently changed the log subscriptions on our S660s (AsyncOS Version 7.1.1-038) to include user agent. I'm wondering how I'd go about getting this to show up in our Sawmill (for IronPort Enterprise, version 7.3.3) reports. I'm guessing I'll need to tweak one of the out-of-the-box log formats to add the user agent entry as a new database field, but the guidance I've come across online doesn't make it look straightforward.
I'm hoping that someone here may have done something similar and could point me in the right direction.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...