Remote Syslog Server

On the Logging & Reporting > Log Settings > Remote Syslog Server tab you can make the settings for remote logging. This function allows you to forward log messages from Sophos UTM on AWS to other hosts. This is especially useful for networks using a host to collect logging information from several Sophos UTM on AWS units. The selected host must run a logging daemon that is compatible to the syslog protocol.

To configure a remote syslog server, proceed as follows:

  1. On the Remote Syslog Server tab enable remote syslog.

    Click the toggle switch.

    The toggle switch turns amber and the Remote Syslog Settings area becomes editable.

  2. Click the Plus icon in the Syslog Servers box to create a server.

    The Add Syslog Server dialog box opens.

  3. Make the following settings:

    Name: Enter a descriptive name for the remote syslog server.

    Server: Add or select the host that should receive log data from Sophos UTM on AWS. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

    Caution – Do not use one of the interfaces of Sophos UTM on AWS as a remote syslog host, since this will result in a logging loop.

    Port: Add or select the service definition which is to be used for the connection. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

  4. Click Apply.

    Your settings will be saved.

    The toggle switch turns green.

Remote Syslog Buffer

In this area you can change the buffer size of the remote syslog. The buffer size is the number of log lines kept in the buffer. Default is 1000. Click Apply to save your settings.

Remote Syslog Log Selection

This area is only editable when remote syslog is enabled. Select the checkboxes of the logs that should be delivered to the syslog server. You can select all logs at once by selecting the option Select All. Click Apply to save your settings.