Configure syslog remote logging for a Sophos firewall
This article provides instruction on how to set up and enable Syslog forwarding on a Sophos firewall
Navigate to System Services > Log Settings and click Add to configure a Syslog server.
Enter a Name for the Syslog server.
Enter the IP Address of the Syslog server.
Enter a Port number that the device will use for communicating with the Syslog server. (UDP / 514 is recommended)
Select the Facility option and choose the value DAEMON.
Select the Severity Level from the available options and choose the value Information.
The log format to be selected is Device Standard Format. Click Save the configuration.
Once you have added the server, go to the System > System Services > Log Settings page and enable all those logs, which are to be sent to the Syslog server in the section Log Settings.
Enable Traffic Logging
Enable firewall traffic logs:
- Go to Firewall > Edit Firewall Rule to view the status of logging and security policies.
- Enable logging of firewall traffic from the Log Traffic section. It ensures that traffic passing through the Firewall rule has been logged and can be viewed from Log Viewer.
Apply Security Policies
Set security policies to Allow All or Default Policies or a custom policy so that logs are generated. If the security policies are set to None then logs may not generate.
Enable Logging
Go to Configure > System Services > Log Settings and select the checkbox Log Type (System) to enable logging for the Syslog server created in step 1. We recommend you enable logging for all security-related modules, firewall rules, and logon activities.
You've now set up Syslog remote logging on your firewall. You are now ready to send firewall data to the RocketCyber firewall log analyzer. See the related article to configure RocketCyber's firewall log analyzer, for receiving the data.
Related Articles
Configure syslog remote logging for a SonicWall firewall
This article provides instruction on how to set up and enable Syslog forwarding on a SonicWall firewall. Logon to the firewall as admin. Navigate to Manage | Log Settings | SYSLOG Click on the Add button Select the Name or IP address of the Syslog ...
Configure remote syslog logging for a Fortinet Firewall
This article describes the steps to configure Fortinet Firewalls to send syslog data to the RocketCyber Firewall Analyzer Configure your FortiGate firewall settings Configure the FortiGate firewall settings for your specific FortiOS operating system. ...
Configure remote syslog logging for a WatchGuard Firewall
This article describes the steps required to configure a WatchGuard firewall to send Syslog messages to the RocketAgent Syslog Server To Configure the FireBox to send Syslog messages to the RocketAgent Syslog Server Select System > Logging. Click the ...
Configure syslog remote logging for a Ubiquiti Unifi Security Gateway (USG)
This article will walk through the steps required to send Syslog data from a Ubiquiti USG device to the RocketCyber Firewall Analyzer Enable Remote Logging 1. Log in to the Unifi Network Controller and click on Settings (gear icon) at the bottom of ...
Configure remote syslog forwarding for Palo Alto firewalls
This article will describe the steps required to configure Palo Alto to send Syslog messages to the RocketAgent Syslog Server Create Syslog Profile Open your Palo Alto dashboard. Navigate to Devices > Server Profiles > Syslog Click Add and enter a ...