Configure Sophos Enterprise Console to send logs to Arctic Wolf

You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for monitoring security information.

Requirements

• Activated Arctic Wolf Sensor

Before you begin

• If you use role-based administration:
  • Make sure you have Policy setting - anti-virus and HIPS permissions.
  • You cannot edit a policy if it is applied outside your active Sub-Estate.

Steps

1. Enable syslog forwarding.
2. Install the Reporting Log Writer.
3. Install NXLog.

Step 1: Enable syslog forwarding

1. Sign in to the Sophos Enterprise Console as an administrator.
2. Click the Policies tab.
3. Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
4. Click Messaging.
5. Click the Event log tab.
6. Select the Enable event logging option.

Step 2: Install the Reporting Log Writer

1. Go to the Sophos Enterprise Console downloads page.

2. Download and install the Sophos Reporting Log Writer.

3. Start the Log Writer service:

   1. Open Control Panel, and then double-click Administrative Tools.
   2. In the Administrative Tools window, double-click Services.

   The list of available services appears.

4. Select Sophos Reporting Log Writer, and then click Start.

   Logs are copied to the local server event logs.

Step 3: Install NXLog

1. Install NXLog.
2. Contact your CST for custom configuration.

See also

• Configure Windows Event Logging
• Sophos Enterprise Console: Reporting overview