Sophos XG Firewall Logs
Updated Aug 31, 2023
Configure Sophos XG Firewall to send logs to Arctic Wolf
You can configure your Sophos XG Firewall® to send the necessary logs to Arctic Wolf for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Steps
- Sign in to the Sophos Central console.
- Click System services > Log settings.
- Click Add.
- Configure these settings:
  Note: Do not use secure log transmission because it renders the syslog data unusable to Arctic Wolf.
  - Name — Enter a name for the syslog server.
  - IP address / Domain — Enter the IP address of your Arctic Wolf sensor.
  - Secure log transmission — Clear the checkbox.
  - Port — Enter 514.
  - Facility — Use the default option.
  - Severity level — Select Informational from the list.
  - Format — Select Central Reporting Format from the list.
- Click Save.
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.
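The settings in step 4 can be sanity-checked against the first bytes of a payload captured on port 514. This is an added example, not Arctic Wolf or Sophos tooling: it tells a plaintext syslog message from a TLS record and decodes the syslog PRI value into facility and severity. It assumes that secure log transmission wraps the stream in TLS and that the Informational level forwards that severity and anything more severe. The function name and the sample payloads are constructed for illustration.

```python
import re

# Syslog severities in numeric order, 0 (most severe) to 7.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
INFORMATIONAL = 6  # the level selected in step 4

# Plaintext syslog starts with a priority value: <PRI>, PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def classify_payload(payload: bytes) -> dict:
    """Classify the leading bytes of a payload seen on the syslog port."""
    # A TLS record starts with content type 0x16 (handshake) and major version
    # 0x03. Seeing this means secure log transmission is still enabled
    # (assumption: that option uses TLS).
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return {"kind": "tls", "usable": False}

    match = PRI_RE.match(payload)
    if not match or int(match.group(1)) > 191:  # 23 * 8 + 7 is the largest PRI
        return {"kind": "unknown", "usable": False}

    facility, severity = divmod(int(match.group(1)), 8)
    return {
        "kind": "syslog",
        "usable": True,
        "facility": facility,
        "severity": SEVERITIES[severity],
        # Debug (7) should not appear when the level is Informational.
        "within_configured_level": severity <= INFORMATIONAL,
    }


if __name__ == "__main__":
    # Constructed samples, not real firewall output.
    samples = {
        "plaintext": b"<30>constructed sample message",
        "tls": bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01]),
        "debug": b"<31>constructed debug message",
    }
    for name, data in samples.items():
        print(name, classify_payload(data))
```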