Log settings

XG Firewall provides extensive logging capabilities for traffic, system, and network protection functions. You can use logs to analyze network activity to help identify security issues and reduce network abuse.

You can store logs locally, send them to Sophos Central, or send them to third-party syslog servers.

You can select logs to store or send by module or feature, or you can select all logs.

  • To store logs locally, select logs under Local reporting.
  • To send logs to Sophos Central, you must first go to the Central synchronization page and turn on Sophos Central services.

    On the Log settings page, the logs supported by central reporting are selected by default. You can select and deselect logs under Central reporting.

  • To send logs to a syslog server, click Add and specify the server details. The server then appears on the Log settings page, where you select the logs to send to it. You can also edit or delete syslog servers.

    XG Firewall supports syslog as defined in RFC 5424.
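As an added example (not Sophos documentation or product code), the following Python is a small receiver-side parser for the RFC 5424 format named above: it splits the PRI, header, structured data and message of each line and tallies lines by log category, which is a simple way to confirm that every log selected on this page actually reaches the syslog server. The key="value" body shape, the host name, and all sample values are constructed assumptions, not XG Firewall's real output.

```python
import re
from typing import Any, Dict, Iterable, Tuple

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER_RE = re.compile(r'^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) '
                       r'(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$')
# key="quoted value" or key=bareword; used for SD-PARAMs and for the message body
KV_RE = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')

def _kv(text: str) -> Dict[str, str]:
    return {(k or k2): (v if k else v2) for k, v, k2, v2 in KV_RE.findall(text)}

def parse_sd(rest: str) -> Tuple[Dict[str, Dict[str, str]], str]:
    # Split STRUCTURED-DATA ("-" or [id k="v" ...] elements) from the MSG; SD-PARAM escapes are not unescaped
    if rest.startswith('-'):
        return {}, rest[1:].lstrip()
    sd: Dict[str, Dict[str, str]] = {}
    pos = 0
    while pos < len(rest) and rest[pos] == '[':
        end = rest.index(']', pos)
        sd_id, _, params = rest[pos + 1:end].partition(' ')
        sd[sd_id] = _kv(params)
        pos = end + 1
    return sd, rest[pos:].lstrip()

def parse_rfc5424(line: str) -> Dict[str, Any]:
    m = HEADER_RE.match(line)
    if not m or int(m.group('pri')) > 191:  # PRI = facility * 8 + severity, facility 0-23
        raise ValueError('not a valid RFC 5424 message: %r' % line[:40])
    pri = int(m.group('pri'))
    sd, msg = parse_sd(m.group('rest'))
    return {'facility': pri >> 3, 'severity': pri & 7, 'version': int(m.group('version')),
            'timestamp': m.group('timestamp'), 'hostname': m.group('hostname'),
            'appname': m.group('appname'), 'sd': sd, 'msg': msg, 'fields': _kv(msg)}

# Constructed sample lines: RFC 5424 headers with an assumed key="value" body, not XG Firewall's real format
SAMPLE_LINES = [
    '<134>1 2024-01-15T10:22:01Z xg-fw-01 firewall - - - log_type="Firewall" log_subtype="Denied" src_ip="10.0.0.5" dst_ip="198.51.100.7" dst_port="445"',
    '<131>1 2024-01-15T10:22:03Z xg-fw-01 ips - - [meta seq="42"] log_type="IPS" log_subtype="Drop" src_ip="10.0.0.9"',
    '<134>1 2024-01-15T10:22:05Z xg-fw-01 antivirus - - - log_type="Anti-Virus" log_subtype="SMTP" virus="EICAR-Test-File"',
]

def count_by_log_type(lines: Iterable[str]) -> Dict[str, int]:
    # Tally lines per log_type so the collector can confirm each selected log category is arriving
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_rfc5424(line)
        key = rec['fields'].get('log_type', rec['appname'])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

A category that is selected on the Log settings page but never appears in the tally points at a forwarding or filtering gap worth investigating before relying on the server for alerting.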

Logs

Firewall
Firewall logs provide information about traffic associated with the firewall configuration, such as firewall rules, MAC filtering, and DoS attacks.
IPS
IPS logs provide records of detected and dropped attacks based on unknown or suspicious patterns (anomalies) and signatures.
Antivirus
Antivirus logs provide details of viruses detected in HTTP, SMTP, FTP, POP3, IMAP4, HTTPS, SMTPS, IMAPS, and POPS traffic.
Anti-spam
Anti-spam logs provide details about spam and probable spam emails detected in SMTP, POP3, IMAP4, SMTPS, POPS, and IMAPS traffic.
Content filtering
Content filtering logs provide details about web and application filtering events such as those associated with web policies.
Note: To view events associated with a web policy, you must select Log firewall traffic in the associated firewall rule.
Events
Event logs provide information about configuration activities, authentication activities, and system activities.
Web server protection
Web server protection logs provide details of web server protection activities, for example, protection policies.
Advanced threat protection
Advanced threat protection logs provide information about ATP events such as drops or alerts.
Wireless
Wireless logs provide details about access point activity and SSIDs.
Heartbeat
Heartbeat logs provide information about the health status of the endpoints.
System health
System health logs provide details of CPU usage, memory usage, number of live users, interfaces, and disk partitions.
Sandstorm
Sandstorm logs provide records of all Sandstorm events.