Poked around a bit at this one for my home Sophos and figured some stuff out for anyone still interested. This app was probably not written for publishing but for someone to use for their own purposes. Seems like they just decided to post it later, but as-is, this app takes quite a bit of tweaking and still has some gaps. It's a good start though.
Your data input needs to set the source type to 'syslog' -> In the app's props and transforms files you will find that it is looking for 'syslog' and then breaks apart the various log types into UTM:SecureWeb, UTM:SecureNet, UTM:System, UTM:dhcpd, and UTM:SecureMail. Some events will remain syslog, for example the WAF logs. You could update the transforms pretty easily to break them apart using httpd if you wanted. Same with IPSec logs and any others you want.
Another issue is that a good chunk of the dashboards may not work without modifications. Many searches have a srcip=192.168.* hardcoded so if your subnet is anything else, you will get no data. Some searches have typos (missing a space between terms) and others search for srcip="192.168.1.0/24" which is never going to appear in the logs so this search will always return nothing unless corrected.
Another note is that some of the searches filter out certain categories like "ads" or "pornography" so if you want to see those categories in your searches you will need to remove the criteria.
Overall, not a bad starting point, and with a little massaging the dashboards will work, but definitely not a plug-and-play app.
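The two fixes the post describes, routing raw 'syslog' events into per-subsystem sourcetypes (plus a separate split for the httpd/WAF lines) and replacing the literal `srcip="192.168.1.0/24"` filter with real CIDR matching, as an added example that is not part of the original post or the app. It simulates the transform logic in Python so it can be run offline; the regexes, the `UTM:WAF` sourcetype name and the sample log lines are my own assumptions, and the Splunk stanzas in the comments show the equivalent shape in props.conf, transforms.conf and SPL.

```python
import re
import ipaddress

# Constructed sample lines in the Sophos UTM key="value" syslog style (not real captures).
SAMPLE_LOGS = [
    '2024:05:01-10:00:01 utm httpproxy[1234]: id="0001" severity="info" sys="SecureWeb" sub="http" '
    'name="http access" srcip="192.168.1.50" dstip="203.0.113.10" category="search"',
    '2024:05:01-10:00:02 utm ulogd[321]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" '
    'name="Packet dropped" srcip="10.0.5.7" dstip="192.168.1.1"',
    '2024:05:01-10:00:03 utm dhcpd: DHCPACK on 192.168.1.77 to aa:bb:cc:dd:ee:ff via eth0',
    '2024:05:01-10:00:04 utm httpd: id="0299" severity="info" srcip="198.51.100.9" method="GET" '
    'url="/index.html" statuscode="200"',
    '2024:05:01-10:00:05 utm exim-in[99]: id="1000" severity="info" sys="SecureMail" sub="smtp" '
    'name="email passed" srcip="192.168.2.20"',
]

# Assumed routing rules, mirroring the app's split into UTM:* sourcetypes plus the
# httpd/WAF split the post suggests. First matching rule wins in this simulation.
# Splunk equivalent (assumed names):
#   props.conf:      [syslog]
#                    TRANSFORMS-sophos = utm_dhcpd, utm_waf, utm_secureweb, ...
#   transforms.conf: [utm_waf]
#                    REGEX    = \shttpd(?:\[\d+\])?:\s
#                    FORMAT   = sourcetype::UTM:WAF
#                    DEST_KEY = MetaData:Sourcetype
ROUTING_RULES = [
    (re.compile(r"\sdhcpd(?:\[\d+\])?:\s"), "UTM:dhcpd"),
    (re.compile(r"\shttpd(?:\[\d+\])?:\s"), "UTM:WAF"),
    (re.compile(r'\ssys="SecureWeb"'), "UTM:SecureWeb"),
    (re.compile(r'\ssys="SecureNet"'), "UTM:SecureNet"),
    (re.compile(r'\ssys="SecureMail"'), "UTM:SecureMail"),
    (re.compile(r'\ssys="System"'), "UTM:System"),
]


def route_sourcetype(line, rules=ROUTING_RULES, default="syslog"):
    """Return the sourcetype a line would be rewritten to; unmatched lines stay 'syslog'."""
    for pattern, sourcetype in rules:
        if pattern.search(line):
            return sourcetype
    return default


KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_kv(line):
    """Extract key="value" pairs, the way Splunk's automatic KV extraction would."""
    return dict(KV_RE.findall(line))


def srcip_in_cidr(line, cidr):
    """True if the event's srcip field falls inside the given CIDR block.
    SPL equivalent: | where cidrmatch("192.168.1.0/24", srcip)"""
    srcip = parse_kv(line).get("srcip")
    if srcip is None:
        return False
    try:
        return ipaddress.ip_address(srcip) in ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False


def count_cidr_matches(lines, cidr):
    return sum(1 for line in lines if srcip_in_cidr(line, cidr))


def count_literal_matches(lines, literal):
    """The broken dashboard search: srcip="192.168.1.0/24" compared as a literal string."""
    return sum(1 for line in lines if parse_kv(line).get("srcip") == literal)


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(route_sourcetype(line), "<-", line[:60])
    print("literal srcip=\"192.168.1.0/24\" matches:",
          count_literal_matches(SAMPLE_LOGS, "192.168.1.0/24"))
    print("cidrmatch 192.168.1.0/24 matches:",
          count_cidr_matches(SAMPLE_LOGS, "192.168.1.0/24"))
```

Running it shows the httpd line landing in its own sourcetype instead of staying 'syslog', the literal `192.168.1.0/24` comparison matching nothing, and the CIDR check matching the one event whose srcip actually sits in that /24. The same applies to the hardcoded `srcip=192.168.*` searches: swapping the wildcard for a `cidrmatch` against your own subnet is the fix.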