Syslog Configuration for Sophos Enterprise Console
Overview Direct link to this section
This document describes how to configure syslog for Arctic Wolf® monitoring on Sophos Enterprise Console.
Note: This page details steps to forward Syslog for the on-premises Sophos Enterprise Console. For steps to forward cloud-based Sophos Central logs, see Providing Sophos Central Credentials to Arctic Wolf.
Before you begin Direct link to this section
If you use role-based administration:
- You must have the Policy setting - anti-virus and HIPS permission to perform this task.
- You cannot edit a policy if it is applied outside your active Sub-Estate.
Enable syslog forwarding Direct link to this section
Notes:
- Complete the steps in Before you begin.
- See Configure Windows Event Logging in the official Sophos documentation for more information.
- Go to the Sophos Enterprise Console user interface.
- Open the the Policies tab.
- Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
- Click Messaging.
- Go to the Event log tab.
- Ensure that event logging is enabled.
- Go to Install the Reporting Log Writer.
Install the Reporting Log Writer Direct link to this section
The Reporting Log Writer copies logs to the local server event logs.
Note: See the Sophos documentation for more information.
To download and install the Reporting Log Writer installer:
- Go to the Sophos Enterprise Console downloads page.
- Download and install the Sophos Reporting Log Writer.
- To start the Log Writer service:
- Open Control Panel and double-click Administrative Tools.
- In the Administrative Tools window, double-click on Services.
The list of available services is displayed.
- Select Sophos Reporting Log Writer and click Start to start the service.
Next steps Direct link to this section
- To install NXLog, follow the steps in NXLog installation and version updates.