Remote Syslog Server

On the Logging & Reporting > Log Settings > Remote Syslog Server tab you can make the settings for remote logging. This function allows you to forward log messages from Sophos UTM on AWS to other hosts. This is especially useful for networks using a host to collect logging information from several Sophos UTM on AWS units. The selected host must run a logging daemon that is compatible to the syslog protocol.

To configure a remote syslog server, proceed as follows:

1. On the Remote Syslog Server tab enable remote syslog.

   Click the toggle switch.

   The toggle switch turns amber and the Remote Syslog Settings area becomes editable.

2. Click the Plus icon in the Syslog Servers box to create a server.

   The Add Syslog Server dialog box opens.

3. Specify the following settings:

   Name: Enter a descriptive name for the remote syslog server.

   Server: Add or select the host that should receive log data from Sophos UTM on AWS. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.

   Caution – Do not use one of the interfaces of Sophos UTM on AWS as a remote syslog host, since this will result in a logging loop.

   Port: Add or select the service definition which is to be used for the connection. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.

4. Click Apply.

   Your settings will be saved.

   The switch turns green.

Remote Syslog Buffer

In this area you can change the buffer size of the remote syslog. The buffer size is the number of log lines kept in the buffer. Default is 1000. Click Apply to save your settings.

Remote Syslog Log Selection

This area is only editable when remote syslog is enabled. Select the checkboxes of the logs that should be delivered to the syslog server. You can select all logs at once by selecting the option Select All. Click Apply to save your settings.