Add a syslog server
Add a syslog server and specify the settings.
To add a syslog server and configure the syslog settings, do as follows:
- Go to System services > Log settings and click Add.
- Enter a name.
- Specify the settings.
| Option | Description |
|---|---|
| IP address/domain | IP address or domain name of the syslog server. Logs are sent to this server. |
| Secure log transmission | Encrypts logs sent to the syslog server using TLS. |
| Port | Port number for communication with the syslog server. |
| Facility | Informs the syslog server of the log message's source. The facility indicates the log source, for example, an operating system, process, or application. You can configure the facility to distinguish log messages from different devices. The LOCAL0-LOCAL7 option refers to log level information. |
| Severity level | Minimum severity level of messages reported. Sophos Firewall logs all messages with a severity level equal to or greater than the level you select. For example, select Error to log all messages tagged as error and all messages tagged as critical, alert, and emergency. Select Debug to include all messages. Alert means that action must be taken immediately. This has a higher severity level than Critical. |
| Format | Log format. Choose one of the following options: Device Standard Format: Logs generated from Sophos Firewall modules aren't in standard syslog format, so the number of data fields in the logs for each module differs. You can use this option when you send logs to any third-party syslog server. Central Reporting Format: Logs generated from Sophos Firewall modules are in standard syslog format. You can use this option when you send logs to Central reporting or any third-party syslog server. When you configure Central reporting, this is the default option and you can't change it. |
The image below shows the settings you can configure. Note that you can only turn Secure log transmission on or off.
- Go to Log settings and select the logs you want to send to the syslog server.
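To confirm on the receiving server that the Facility and Severity level settings took effect, the following added example (not Sophos code) decodes the standard syslog `<PRI>` header and flags lines that don't match the configured values. It assumes messages arrive with a `<PRI>` header as defined in RFC 3164/5424 and uses the RFC 5424 severity names; the sample lines and function names are constructed for illustration.

```python
import re

# RFC 5424 severities in numeric order: 0 (emergency) is the MOST severe.
SEVERITIES = "emergency alert critical error warning notice informational debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_name, severity_name) from a line's <PRI> header."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    name = "local%d" % (facility - 16) if facility >= 16 else "facility%d" % facility
    return name, SEVERITIES[severity]


def is_reported(severity, minimum):
    """True if `severity` is at least as severe as the selected minimum."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(minimum)


def unexpected(lines, expected_facility, minimum):
    """Return (line, reason) for lines that don't match the configured settings."""
    bad = []
    for line in lines:
        try:
            facility, severity = decode_pri(line)
        except ValueError as exc:
            bad.append((line, str(exc)))
            continue
        if facility != expected_facility:
            bad.append((line, "facility " + facility))
        elif not is_reported(severity, minimum):
            bad.append((line, "severity " + severity + " below minimum"))
    return bad


# Constructed sample lines (not real firewall output).
SAMPLE = [
    "<131>device=fw01 msg=constructed-error",  # local0.error  (16*8+3)
    "<129>device=fw01 msg=constructed-alert",  # local0.alert  (16*8+1)
    "<134>device=fw01 msg=constructed-info",   # local0.informational (16*8+6)
    "<139>device=fw02 msg=constructed-error",  # local1.error  (17*8+3)
    "device=fw01 msg=no-header",               # missing <PRI>
]
```

Calling `unexpected(SAMPLE, "local0", "error")` returns the informational line, the line from the other facility, and the line with no header. The error and alert lines pass because a lower PRI severity number means a more severe message.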