Syslog

Capture syslog data from access points to debug device's connection-related issues.

The syslog data also captures system anomalies over a period of time.

You must have a configured syslog server in place. You can only configure a syslog server for access points that are online in Sophos Central.

You can configure syslog servers at each access point.

We recommend that you don't setup a syslog server for more than two access points to avoid data intermixing. This keeps debugging simple.

Configuration Prerequisites

Before you start you need to check the following:

  • Install a syslog server on the PC or server. There are various syslog servers available for different operating systems.
  • Make sure you allow ICMP on the syslog server. When you start sending logs to the syslog server, the APX tries to ping the server. If the server is not responding, no UDP packets are sent.
  • By default, syslog runs on UDP port 514. If you have configured syslog to listen on a different port, add this information to Sophos Central.
  • Make sure the access point is connected to the syslog server.
  • The logs are stored under the location configured in the syslog software. You can use a graphical user interface or a text editor to view logs.
  • Make sure that you have enough space on the syslog server to store new logs.

Configuration

Use the configured server IP address and port number to capture syslog data. You can use Start to capture system generated logs for a specific access point. You need to set the following options.

Status: Indicates whether the access point is offline or online. You can capture syslog data only when the access point status is green.

Icon

Status

Green filled circle

Access point is online.

Grey filled circle

Access point is offline.

Access Point Name: Access point hostname.

Serial Number: Serial number of the access point.

Server IP: Access point sends packets to this server. You must run a syslog analyzer tool on the server to see the packets.

Server Port: Access points send packets to this port on the server.

Action: Start or stop the syslog data capture.

Status: Status of the syslog data capture.

Status

Description

Started

Syslog data capture has started.

Completed

Syslog data capture is complete.

Server not reachable

Access point is unable to reach the IP address provided by the user.