Syslog

You can capture logging data from access points and send it to a syslog server.

Go to My Products > Wireless > Diagnostics > Syslog and set up syslog capture for your access points.

You must have configured a syslog server. You can only configure a syslog server for access points that are online in Sophos Central.

You can configure syslog servers for each access point.

We recommend not setting up a syslog server for more than two access points to avoid data intermixing. This keeps debugging simple.

For more information on diagnosing and troubleshooting issues, see Frequently asked questions.

Configuration Prerequisites

Before you start, you need to check the following:

  • Install a syslog server on the PC or server. There are various syslog servers available for different operating systems.
  • Ensure you allow ICMP on the syslog server. When you start sending logs to the syslog server, the access point tries to ping the server. The access point doesn't send UDP packets if the server isn't responding.
  • By default, syslog runs on UDP port 514. If you've configured syslog to listen on a different port, add this information to Sophos Central.
  • Ensure the access point can connect to the syslog server.
  • The server stores logs under the location configured in the syslog software. You can see logs using a graphical user interface or text editor.
  • Ensure you have enough space on the syslog server to store new logs.
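To confirm that datagrams arrive on the configured port and to keep logs from several access points apart, a minimal UDP receiver can group messages by sender address. This is an added example, not Sophos code; it assumes the messages start with a standard syslog `<PRI>` prefix, and the addresses, hostnames and messages in `SAMPLE` are constructed.

```python
import re
import socket
from collections import defaultdict

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Return (facility, severity, text), or None if there is no valid <PRI> prefix."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # highest valid PRI is 23 * 8 + 7
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return pri // 8, SEVERITIES[pri % 8], text

def demux(packets):
    """Group (source_ip, datagram) pairs by sender so access points do not intermix."""
    per_ap = defaultdict(list)
    for src_ip, datagram in packets:
        parsed = parse_pri(datagram)
        if parsed is None:                  # keep malformed input visible, never drop it
            parsed = (None, "raw", datagram.decode("utf-8", errors="replace"))
        per_ap[src_ip].append(parsed)
    return dict(per_ap)

def listen(bind_ip="0.0.0.0", port=514, count=10):
    """Receive `count` datagrams and return them grouped by sender address.

    Binding a port below 1024 usually needs elevated privileges. The UDP source
    address is not authenticated, so treat it as a label, not as proof of origin.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        packets = []
        for _ in range(count):
            data, (src_ip, _src_port) = sock.recvfrom(8192)
            packets.append((src_ip, data))
    return demux(packets)

# Constructed sample datagrams from two hypothetical access points.
SAMPLE = [
    ("192.0.2.10", b"<30>Jan  1 00:00:01 ap-lobby hostapd: station associated"),
    ("192.0.2.11", b"<27>Jan  1 00:00:02 ap-lab kernel: link down\n"),
    ("192.0.2.10", b"no priority header"),
]

if __name__ == "__main__":
    for ip, entries in demux(SAMPLE).items():
        for facility, severity, text in entries:
            print(f"{ip} facility={facility} severity={severity} {text}")
```

If you changed the port in Sophos Central, pass the same value as `port` to `listen()`.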

Configuration

Use the configured server IP address and port number to capture syslog data. You can use Start to capture system-generated logs for a specific access point. You need to set the following options.

  • Status: Indicates whether the access point is offline or online. You can capture syslog data only when the access point status is green.

    Icon                | Status
    Green filled circle | Access point is online.
    Gray filled circle  | Access point is offline.
  • Access Point Name: Access point hostname.

  • Serial Number: Serial number of the access point.
  • Server IP: Access point sends packets to this server. You must run a syslog analyzer tool on the server to see the packets.
  • Server Port: Access points send packets to this port on the server.
  • Action: Start or stop the syslog data capture.
  • Status: Status of the syslog data capture.

    Status               | Description
    Started              | Syslog data capture has started.
    Completed            | Syslog data capture is complete.
    Server not reachable | Access point can't reach the IP address provided by the user.