Sophos XG Firewall Logs

Updated Aug 31, 2023

Configure Sophos XG Firewall to send logs to Arctic Wolf

You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for security monitoring.

Requirements

Steps

  1. Sign in to the Sophos Central console.

  2. Click System services > Log settings.

  3. Click Add.

  4. Configure these settings:

    Note: Do not use secure log transmission because it renders the syslog data unusable to Arctic Wolf.

    • Name — Enter a name for the syslog server.
    • IP address / Domain — Enter the IP address of your Arctic Wolf sensor.
    • Secure log transmission — Clear the checkbox.
    • Port — Enter 514.
    • Facility — Use the default option.
    • Severity level — Select Informational from the list.
    • Format — Select Central Reporting Format from the list.

  5. Click Save.

  6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.
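Before contacting the Concierge Security Team in step 6, the settings from step 4 can be sanity-checked against the first bytes of a message captured on port 514. This is an added example, not Arctic Wolf or Sophos code. It assumes that secure log transmission is TLS, that messages carry a standard syslog `<PRI>` prefix, and that the Informational level means Informational and more severe; the sample payloads and their field names are constructed.

```python
import re

# Syslog severity names indexed by numeric value (RFC 5424).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
INFORMATIONAL = 6
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def classify_payload(payload: bytes) -> dict:
    """Classify the first bytes of one message captured on port 514."""
    # A TLS record begins with a content type (0x14-0x17) and version 0x03 0x00-0x04.
    if (len(payload) >= 3 and 0x14 <= payload[0] <= 0x17
            and payload[1] == 0x03 and payload[2] <= 0x04):
        return {"kind": "tls", "ok": False,
                "reason": "encrypted: clear 'Secure log transmission'"}
    match = PRI_RE.match(payload)
    if match is None or int(match.group(1)) > 191:
        return {"kind": "unknown", "ok": False,
                "reason": "no valid syslog <PRI> prefix"}
    # PRI = facility * 8 + severity.
    facility, severity = divmod(int(match.group(1)), 8)
    ok = severity <= INFORMATIONAL
    return {"kind": "syslog", "ok": ok, "facility": facility,
            "severity": SEVERITIES[severity],
            "reason": "plaintext syslog" if ok
                      else "less severe than Informational"}


# Constructed samples; field names and values are illustrative only.
SAMPLES = {
    "plaintext": b'<30>device_name="SFW" log_type="Firewall"',
    "debug": b'<31>device_name="SFW" log_type="System"',
    "tls": bytes.fromhex("160301020001000001fc0303"),
    "garbage": b"\x00\x01not syslog",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_payload(data))
```

A `tls` result means the Secure log transmission checkbox is still selected; a `syslog` result with `ok` set to true matches the settings in step 4.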
