Sophos XG Firewall Logs

Updated Dec 21, 2023

Configure Sophos XG Firewall to send logs to Arctic Wolf

You can configure the Sophos XG Firewall® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Configure log forwarding.
  2. Provide your Sophos XG information to Arctic Wolf.

Step 1: Configure log forwarding

  1. Sign in to the Sophos Enterprise Console with administrator permissions.

  2. Click System services > Log settings.

  3. Click Add.

  4. Configure these settings:

    Note: Do not use secure log transmission because it renders the syslog data unusable to Arctic Wolf.

    • Name — Enter a name for the syslog server.
    • IP address / Domain — Enter the IP address of your Arctic Wolf Sensor.
    • Secure log transmission — Clear the checkbox.
    • Port — Enter 514.
    • Facility — Keep the default option.
    • Severity level — Select Informational.
    • Format — Select Central Reporting Format.

  5. Click Save.

  6. Scroll down to the Log settings section.

  7. In the Syslog server column, select the logs that you want to send.
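To check the result of Step 1, the following added example (not Arctic Wolf or Sophos code) classifies a payload captured on the path to the sensor: it tells a TLS handshake apart from readable syslog and decodes the PRI value into facility and severity. It assumes that secure log transmission appears on the wire as a TLS handshake and that the log body is key=value pairs; the function name, sample payloads and field names are constructed.

```python
import re

# Names below are illustrative; sample payloads are constructed.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # assumed key=value log body


def check_payload(payload: bytes) -> dict:
    """Classify one payload captured on its way to port 514."""
    # A TLS record starts with content type 0x16 (handshake) and major
    # version 0x03: the firewall is still using secure log transmission.
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return {"ok": False, "reason": "tls-handshake"}
    m = PRI_RE.match(payload)
    if m is None or int(m.group(1)) > 191:
        return {"ok": False, "reason": "no-syslog-pri"}
    # Syslog PRI = facility * 8 + severity.
    facility, severity = divmod(int(m.group(1)), 8)
    body = payload[m.end():].decode("utf-8", errors="replace")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
    if not fields:
        return {"ok": False, "reason": "unparsed-body"}
    return {
        "ok": True,
        "facility": facility,
        "severity": SEVERITIES[severity],
        # With Severity level set to Informational, Debug (7) is not expected.
        "within_severity_filter": severity <= 6,
        "fields": fields,
    }


# Constructed samples: readable syslog, and the first bytes of a TLS ClientHello.
PLAINTEXT = (b'<30>device_name="SFW" timestamp="2023-12-21T10:00:00+0000" '
             b'log_type="Firewall" log_subtype="Allowed" src_ip=192.0.2.10')
TLS_HELLO = bytes.fromhex("16030100a5010000a10303")

if __name__ == "__main__":
    for sample in (PLAINTEXT, TLS_HELLO, b"not syslog"):
        print(check_payload(sample))
```

A `tls-handshake` result means the Secure log transmission checkbox is still selected on the firewall.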

Step 2: Provide your Sophos XG information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click > Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Questions or comments that you have.

  4. Click Send Message.

    Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.
