Add a syslog server
Add a syslog server and specify the settings.
To add a syslog server and configure the syslog settings, do as follows:
- Go to System services > Log settings and click Add.
- Enter a name.
- Specify the settings.
IP address/domain: IP address or domain name of the syslog server. Logs are sent to this server.

Secure log transmission: Encrypts logs sent to the syslog server using TLS.

Port: Port number for communication with the syslog server.

Facility: Facilities reflect the names of processes and daemons, and inform the syslog server of the origin of the log.
- DAEMON: Processes running as daemon service
- KERNEL: Kernel processes
- USER: Processes started by signed-in users
- LOCAL0-LOCAL7: You can use these for your own purposes.
Example: If you configure LOCAL1 for firewall 1 and LOCAL2 for firewall 2, the syslog server receives the respective facility value along with the log.

Severity level: Minimum severity level of messages reported. Sophos Firewall logs all messages with a severity level equal to or greater than the level you select. For example, select Error to log all messages tagged as error and all messages tagged as critical, alert, and emergency. Select Debug to include all messages. Alert means that action must be taken immediately. This has a higher severity level than Critical.

Format: Log format. Third-party syslog servers can use either of the following log formats:
- Standard syslog protocol: Central reporting only uses this format. Central Reporting Format has been renamed to Standard syslog protocol.
- Device standard format (legacy): A custom format in which the number of log data fields differs for each module.
The image below shows the settings you can configure. Note that you can only turn Secure log transmission on or off.
- Go to Log settings and select the logs you want to send to the syslog server.
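How a receiving syslog server can interpret the Facility and Severity level settings described above, as an added example that is not Sophos code: it decodes the standard <PRI> prefix (facility x 8 + severity), maps LOCAL1 and LOCAL2 to the two firewalls from the example, and applies a minimum-severity cutoff. The sample lines and the function names are constructed for illustration, and the names Warning, Notice and Informational come from RFC 5424 rather than from this page.

```python
import re

# Facility codes from RFC 5424 for the facilities this page lists.
FACILITIES = {0: "KERNEL", 1: "USER", 3: "DAEMON",
              **{16 + n: f"LOCAL{n}" for n in range(8)}}
# List index = numeric severity code. Code 0 is the MOST severe.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI> of a syslog line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def passes_threshold(severity, minimum):
    """True if `severity` is at least as severe as `minimum`.
    Higher severity means a LOWER numeric code, so the test is <=."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(minimum)

def route(lines, sources, minimum="Error"):
    """Group severities of accepted messages by sender, keyed on facility."""
    out = {}
    for line in lines:
        facility, severity = decode_pri(line)
        if passes_threshold(severity, minimum):
            out.setdefault(sources.get(facility, "unknown"), []).append(severity)
    return out

# Constructed sample lines (not real Sophos Firewall output).
SAMPLE = [
    "<139>fw1 constructed message",  # 17*8+3: LOCAL1, Error
    "<145>fw2 constructed message",  # 18*8+1: LOCAL2, Alert
    "<142>fw1 constructed message",  # 17*8+6: LOCAL1, Informational
    "<151>fw2 constructed message",  # 18*8+7: LOCAL2, Debug
]
# Facility-to-device mapping taken from the page's LOCAL1/LOCAL2 example.
SOURCES = {"LOCAL1": "firewall 1", "LOCAL2": "firewall 2"}

if __name__ == "__main__":
    print(route(SAMPLE, SOURCES))           # cutoff at Error
    print(route(SAMPLE, SOURCES, "Debug"))  # Debug lets everything through
```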