Sophos Enterprise Console Logs

Updated Sep 5, 2023

Configure Sophos Enterprise Console to send logs to Arctic Wolf

Notes:

You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for monitoring security information.

Requirements

Before you begin

Steps

  1. Enable syslog forwarding.
  2. Install the Reporting Log Writer.
  3. Install NXLog.

Step 1: Enable syslog forwarding

  1. Sign in to the Sophos Enterprise Console as an administrator.
  2. Click the Policies tab.
  3. Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
  4. Click Messaging.
  5. Click the Event log tab.
  6. Select the Enable event logging option.

Step 2: Install the Reporting Log Writer

  1. Go to the Sophos Enterprise Console downloads page.

  2. Download and install the Sophos Reporting Log Writer.

  3. Start the Log Writer service:

    1. Open Control Panel, and then double-click Administrative Tools.
    2. In the Administrative Tools window, double-click Services.

    The list of available services appears.

  4. Select Sophos Reporting Log Writer, and then click Start.

    Logs are copied to the local server event logs.
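
The following PowerShell check is an added example, not part of the original procedure or of any Sophos or Arctic Wolf tooling. It confirms that the service from Step 2 is running and that Sophos events are reaching the local event log before you move on to NXLog. The log name (Application), the provider-name filter (*Sophos*) and the one-hour lookback are assumptions; adjust them to match your server.

```powershell
# Added example: verify the Sophos Reporting Log Writer service and look for
# recent Sophos events in the local Windows event log. Run in an elevated
# PowerShell session on the Sophos Enterprise Console server.

$displayName = 'Sophos Reporting Log Writer'   # display name shown in Services (Step 2)
$logName     = 'Application'                   # assumption: log the writer copies events to
$providerLike = '*Sophos*'                     # assumption: event provider name contains "Sophos"
$lookback    = (Get-Date).AddHours(-1)         # assumption: one hour is enough to see activity

# 1. The service must exist, otherwise the Log Writer is not installed.
$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Error "Service '$displayName' not found. Install the Reporting Log Writer first."
    return
}

# 2. Start the service if it is stopped and wait until it reports Running.
if ($svc.Status -ne 'Running') {
    Write-Warning "Service is $($svc.Status); starting it."
    Start-Service -InputObject $svc
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}

# 3. Report the startup type: a Manual service stops forwarding after a reboot.
if ($svc.StartType -ne 'Automatic') {
    Write-Warning "Startup type is $($svc.StartType); events stop after a reboot until the service is started again."
}

# 4. Look for events written since the lookback time.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $lookback } `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.ProviderName -like $providerLike }

if ($events) {
    # Summary per provider, then the newest few events for a manual sanity check.
    $events | Group-Object ProviderName | Select-Object Count, Name | Format-Table -AutoSize
    $events | Select-Object -First 5 TimeCreated, Id, ProviderName, Message | Format-List
} else {
    Write-Warning "No events matching '$providerLike' in '$logName' since $lookback."
    Write-Warning "Check that event logging is enabled in the policy (Step 1) and that endpoints have reported activity."
}
```

If the script reports no events, NXLog will have nothing to forward, so resolve that before contacting your CST in Step 3.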

Step 3: Install NXLog

  1. Install NXLog.
  2. Contact your CST for custom configuration.
