Configure Sophos XG Firewall to send logs to Arctic Wolf

You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for monitoring security information.

Requirements

• Activated Arctic Wolf Sensor

Steps

1. Sign in to the Sophos Central console.

2. Click System services > Log settings.

3. Click Add.

4. Configure these settings:

   Note: Do not use secure log transmission because it renders the syslog data unusable to Arctic Wolf.

   • Name — Enter a name for the syslog server.
   • IP address / Domain — Enter the IP address of your Arctic Wolf sensor.
   • Secure log transmission — Clear the checkbox.
   • Port — Enter 514.
   • Facility — Use the default option.
   • Severity level — Select Informational from the list.
   • Format — Select Central Reporting Format from the list.

5. Click Save.

6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

See also

• Sophos | Add a syslog server v19.5
• Sophos | Add a syslog server v19.0
• Sophos | Add a syslog server v18.5
• Sophos | Add a syslog server v18.0
• Sophos | Firewall Documentation