Sophos Enterprise Console LogsUpdated Sep 5, 2023
- Sophos is retiring this product on 20 July 2023. For more information, see the Sophos Enterprise Console® notice.
- This procedure is for the on-premises Sophos Enterprise Console. For the cloud-based Sophos Central procedure, see Providing Sophos Central Credentials to Arctic Wolf.
You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for monitoring security information.
- Activated Arctic Wolf Sensor
- If you use role-based administration:
- Make sure you have Policy setting - anti-virus and HIPS permissions.
- You cannot edit a policy if it is applied outside your active Sub-Estate.
- Sign in to the Sophos Enterprise Console as an administrator.
- Click the Policies tab.
- Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
- Click Messaging.
- Click the Event log tab.
- Select the Enable event logging option.
Go to the Sophos Enterprise Console downloads page.
Download and install the Sophos Reporting Log Writer.
Start the Log Writer service:
- Open Control Panel, and then double-click Administrative Tools.
- In the Administrative Tools window, double-click Services.
The list of available services appears.
Select Sophos Reporting Log Writer, and then click Start.
Logs are copied to the local server event logs.
- Install NXLog.
- Contact your CST for custom configuration.