Sophos Enterprise Console Logs

Updated Dec 18, 2023

Configure Sophos Enterprise Console to send logs to Arctic Wolf


You can configure your Sophos Enterprise Console to send the necessary logs to Arctic Wolf® for security monitoring.


Before you begin


  1. Enable syslog forwarding.
  2. Install the Reporting Log Writer.
  3. Install NXLog.
  4. Provide your Sophos Enterprise Console information to Arctic Wolf.

Step 1: Enable syslog forwarding

  1. Sign in to the Sophos Enterprise Console as an administrator.
  2. Click the Policies tab.
  3. Double-click the anti-virus and host intrusion prevention system (HIPS) policy that you want to change.
  4. Click Messaging.
  5. Click the Event log tab.
  6. Select the Enable event logging option.

Step 2: Install the Reporting Log Writer

  1. Go to the Sophos Enterprise Console downloads page.

  2. Download and install the Sophos Reporting Log Writer.

  3. Start the Log Writer service:

    1. Open Control Panel, and then double-click Administrative Tools.
    2. In the Administrative Tools window, double-click Services.

    The list of available services appears.

  4. Select Sophos Reporting Log Writer, and then click Start.

    Logs are copied to the local server event logs.
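A way to confirm Step 2 took effect before moving on to NXLog, run in Windows PowerShell 5.1 on the Sophos Enterprise Console server. This is an added example, not part of the Arctic Wolf or Sophos documentation. It assumes the service display name matches the name shown in Services and that the event provider name contains "Sophos"; the one-hour window is an arbitrary choice.

```powershell
# Added example: post-Step-2 check on the Sophos Enterprise Console server.
# Assumptions: the service display name is "Sophos Reporting Log Writer" (as shown
# in this guide) and the registered event provider name contains "Sophos".

$displayName = 'Sophos Reporting Log Writer'
$lookback    = (Get-Date).AddHours(-1)   # arbitrary window; adjust as needed

# 1. The service must exist, be running, and come back after a reboot.
$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "Service '$displayName' not found. Is the Log Writer installed?"
    return
}
"{0}: Status={1}, StartType={2}" -f $svc.DisplayName, $svc.Status, $svc.StartType
if ($svc.Status -ne 'Running') {
    Write-Warning 'Service is not running; no events will be written.'
}
if ($svc.StartType -ne 'Automatic') {
    Write-Warning 'Service is not set to start automatically; logging stops after a reboot.'
}

# 2. Discover the registered providers rather than hard-coding a log name.
$providers = Get-WinEvent -ListProvider '*Sophos*' -ErrorAction SilentlyContinue
if (-not $providers) {
    Write-Warning 'No event provider matching *Sophos* is registered on this server.'
    return
}

# 3. Count recent events per provider, so a silent source is caught before
#    NXLog is configured to read from it.
foreach ($p in $providers) {
    $events = @(Get-WinEvent -FilterHashtable @{
                    ProviderName = $p.Name
                    StartTime    = $lookback
                } -ErrorAction SilentlyContinue)
    $logs   = ($p.LogLinks | ForEach-Object LogName) -join ', '
    # Get-WinEvent returns newest events first, so index 0 is the latest one.
    $newest = if ($events.Count) { $events[0].TimeCreated } else { 'none' }
    "{0} -> log(s): {1}; events since {2:u}: {3}; newest: {4}" -f `
        $p.Name, $logs, $lookback, $events.Count, $newest
}
```

A provider that reports zero events can simply mean no endpoint activity occurred in the window; widen `$lookback` before treating it as a failure.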

Step 3: Install NXLog

  1. Install NXLog.
  2. Contact your CST for custom configuration.

Step 4: Provide your Sophos Enterprise Console information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click > Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.
