Sophos Enterprise Console Logs
Updated Sep 5, 2023
Configure Sophos Enterprise Console to send logs to Arctic Wolf
Notes:
- Sophos is retiring this product on 20 July 2023. For more information, see the Sophos Enterprise Console® notice.
- This procedure is for the on-premises Sophos Enterprise Console. For the cloud-based Sophos Central procedure, see Providing Sophos Central Credentials to Arctic Wolf.
You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Before you begin
- If you use role-based administration:
  - Make sure you have Policy setting - anti-virus and HIPS permissions.
  - You cannot edit a policy if it is applied outside your active Sub-Estate.
Steps
Step 1: Enable syslog forwarding
- Sign in to the Sophos Enterprise Console as an administrator.
- Click the Policies tab.
- Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
- Click Messaging.
- Click the Event log tab.
- Select the Enable event logging option.
Step 2: Install the Reporting Log Writer
- Go to the Sophos Enterprise Console downloads page.
- Download and install the Sophos Reporting Log Writer.
- Start the Log Writer service:
  - Open Control Panel, and then double-click Administrative Tools.
  - In the Administrative Tools window, double-click Services.
    The list of available services appears.
- Select Sophos Reporting Log Writer, and then click Start.
  Logs are copied to the local server event logs.
Step 3: Install NXLog
- Install NXLog.
- Contact your CST for custom configuration.