Skip to content
Last update: 2022-02-16


Capture syslog data from access points to debug device's connection-related issues.

Go to Wireless > Diagnostics > Syslog and set up syslog capture for your access points.

The syslog data also captures system anomalies over a period of time.

You must have a configured syslog server in place. You can only configure a syslog server for access points that are online in Sophos Central.

You can configure syslog servers at each access point.

We recommend that you don't setup a syslog server for more than two access points to avoid data intermixing. This keeps debugging simple.

For more information on diagnosing and troubleshooting issues see Frequently asked questions.

Configuration Prerequisites

Before you start you need to check the following:

  • Install a syslog server on the PC or server. There are various syslog servers available for different operating systems.
  • Make sure you allow ICMP on the syslog server. When you start sending logs to the syslog server, the APX tries to ping the server. If the server is not responding, no UDP packets are sent.
  • By default, syslog runs on UDP port 514. If you have configured syslog to listen on a different port, add this information to Sophos Central.
  • Make sure the access point is connected to the syslog server.
  • The logs are stored under the location configured in the syslog software. You can use a graphical user interface or a text editor to view logs.
  • Make sure that you have enough space on the syslog server to store new logs.


Use the configured server IP address and port number to capture syslog data. You can use Start to capture system generated logs for a specific access point. You need to set the following options.

  • Status: Indicates whether the access point is offline or online. You can capture syslog data only when the access point status is green.

    Icon Status
    Green filled circle Access point is online.
    Gray filled circle Access point is offline.
  • Access Point Name: Access point hostname.

  • Serial Number: Serial number of the access point.

  • Server IP: Access point sends packets to this server. You must run a syslog analyzer tool on the server to see the packets.

  • Server Port: Access points send packets to this port on the server.

  • Action: Start or stop the syslog data capture.

  • Status: Status of the syslog data capture.

    Status Description
    Started Syslog data capture has started.
    Completed Syslog data capture is complete.
    Server not reachable Access point is unable to reach the IP address provided by the user.
Back to top