Syslog Configuration for Sophos Enterprise Console

Configuration Guide

Overview Direct link to this section

This document describes how to configure syslog for Arctic Wolf® monitoring on Sophos Enterprise Console.

Note: This page details steps to forward Syslog for the on-premises Sophos Enterprise Console. For steps to forward cloud-based Sophos Central logs, see Providing Sophos Central Credentials to Arctic Wolf.

Requirements Direct link to this section

If you use role-based administration:

Enabling syslog forwarding Direct link to this section

To enable syslog forwarding for Sophos Enterprise Console:


  1. Go to the Sophos Enterprise Console user interface.
  2. Open the the Policies tab.
  3. Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
  4. Click Messaging.
  5. Go to the Event log tab.
  6. Ensure that event logging is enabled.
  7. Go to Installing the Reporting Log Writer.

Installing the Reporting Log Writer Direct link to this section

The Reporting Log Writer copies logs to the local server event logs.

Note: See the Sophos documentation for more information.

To download and install the Reporting Log Writer installer:

  1. Go to the Sophos Enterprise Console downloads page.
  2. Download and install the Sophos Reporting Log Writer.
  3. To start the Log Writer service:
    1. Open Control Panel and double-click Administrative Tools.
    2. In the Administrative Tools window, double-click on Services.
      The list of available services is displayed.
  4. Select Sophos Reporting Log Writer and click Start to start the service.

Next steps Direct link to this section

Install NXLog using the steps in Installing NXLog.