Configuring Sophos firewall
This article provides instructions on how to set up and enable Syslog forwarding on a Sophos firewall.
Adding a Syslog server and configuring settings
Follow these steps to add a Syslog server and configure the settings:
1. Navigate to System services > Log settings and click Add.
2. Enter a name for the Syslog server.
3. Specify the following settings:
   - IP address / Domain: Enter the IP address or domain name of the Syslog server. This is where logs will be sent.
   - Secure log transmission: Select this checkbox to encrypt logs sent to the Syslog server using TLS.
   - Port: Input the port number for communication with the Syslog server.
   - Facility: Facilities reflect the names of processes and daemons, and inform the Syslog server of the origin of the log.
     - DAEMON: Processes running as daemon service
     - KERNEL: Kernel processes
     - USER: Processes started by signed-in users
     - LOCAL0-LOCAL7: These can be used for your own purposes. For example, configure LOCAL1 for Firewall 1 and LOCAL2 for Firewall 2. The Syslog server will receive the respective facility value along with the log.
   - Severity level: Select the minimum severity level of messages to be logged. The Sophos Firewall will log all messages with a severity level equal to or higher than the level you select. For example, if you select Error, all messages tagged as error, critical, alert, and emergency will be logged. Selecting Debug will include all messages. Alert indicates that immediate action must be taken, and it has a higher severity level than Critical.
   - Format: Choose the log format. Third-party Syslog servers can use either of the following log formats:
     - Standard syslog protocol: Central reporting only uses this format. Central Reporting Format has been renamed to Standard syslog protocol.
     - Device standard format (legacy): A custom format in which the number of log data fields differs for each module.
   The image below shows the settings you can configure. Note that you can only turn Secure log transmission on or off.
4. Click Save.
5. Go to Log settings and select the logs you want to send to the Syslog server.
Following these steps will successfully configure Syslog forwarding on your Sophos firewall.
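The following is an added example, not part of the original article or Sophos code: a receiver-side check that decodes the `<PRI>` prefix of forwarded lines into facility and severity and flags lines that contradict the Facility and Severity level settings described above. It assumes each message starts with the standard syslog `<PRI>` value (facility × 8 + severity, RFC 5424 codes); the function names and sample lines are constructed for illustration.

```python
import re

# Facility and severity codes as defined in RFC 5424 (PRI = facility * 8 + severity).
FACILITIES = {0: "KERNEL", 1: "USER", 3: "DAEMON",
              **{16 + n: f"LOCAL{n}" for n in range(8)}}
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Information", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from a line's <PRI> prefix."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def passes_threshold(severity, minimum):
    """True if `severity` is equal to or higher than `minimum`.
    A lower numeric code means a higher severity (Alert=1 outranks Critical=2)."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(minimum)

def audit(lines, expected_facilities, minimum):
    """Return (line_number, reason) for lines that contradict the configuration."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            fac, sev = decode_pri(line)
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if fac not in expected_facilities:
            findings.append((n, f"unexpected facility {fac}"))
        elif not passes_threshold(sev, minimum):
            findings.append((n, f"{sev} is below configured minimum {minimum}"))
    return findings

# Constructed sample lines; the message bodies are placeholders, not Sophos output.
SAMPLE = [
    "<139>constructed message from firewall 1",  # LOCAL1 (17), Error (3)
    "<145>constructed message from firewall 2",  # LOCAL2 (18), Alert (1)
    "<142>constructed message from firewall 1",  # LOCAL1 (17), Information (6)
    "<30>constructed message, other sender",     # DAEMON (3), Information (6)
    "constructed line without a PRI prefix",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"LOCAL1", "LOCAL2"}, "Error"):
        print(finding)
```

A line arriving with a facility no firewall was assigned, or with a severity below the configured minimum, points to a misconfigured or unexpected sender and is worth reviewing on the Syslog server.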
