Syslog Configuration for Sophos Enterprise Console

Configuration Guide

Updated Mar 21, 2023

Overview

This document describes how to configure syslog for Arctic Wolf® monitoring on Sophos Enterprise Console.

Note: This page details steps to forward Syslog for the on-premises Sophos Enterprise Console. For steps to forward cloud-based Sophos Central logs, see Providing Sophos Central Credentials to Arctic Wolf.

Before you begin

If you use role-based administration:

Enable syslog forwarding

Notes:

  1. Go to the Sophos Enterprise Console user interface.
  2. Open the Policies tab.
  3. Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
  4. Click Messaging.
  5. Go to the Event log tab.
  6. Ensure that event logging is enabled.
  7. Go to Install the Reporting Log Writer.

Install the Reporting Log Writer

The Reporting Log Writer copies logs to the local server event logs.

Note: See the Sophos documentation for more information.

To download and install the Reporting Log Writer installer:

  1. Go to the Sophos Enterprise Console downloads page.
  2. Download and install the Sophos Reporting Log Writer.
  3. To start the Log Writer service:
    1. Open Control Panel and double-click Administrative Tools.
    2. In the Administrative Tools window, double-click on Services.
      The list of available services is displayed.
  4. Select Sophos Reporting Log Writer and click Start to start the service.

Next steps