Skip to content
Any configuration changes made locally on the switch won't be synchronized with Sophos Central. We recommend making changes from the Sophos Central control panel instead.

Log

The Syslog protocol allows devices to send event notification messages in response to events, faults, or errors occurring on the platform, as well as changes in configuration or other occurrences across an IP network to syslog servers. It then collects the event messages, providing powerful support for users to monitor network operation and diagnose malfunctions. A syslog enabled device can generate a syslog message and send it to a Syslog server.

Syslog is defined in RFC 3164. The RFC defines the packet format, content, and system log related information of Syslog messages. Each Syslog message has a facility and severity level. The Syslog facility identifies a file in the Syslog server. Refer to the documentation of your Syslog program for details. The following table describes the Syslog severity levels.

Code Severity Description General Description
0 EMERG System is unusable. A "panic" condition usually affecting multiple apps, servers, or sites. At this level it would usually notify all tech staff on call.
1 ALERT Action must be taken immediately. It should be corrected immediately, therefore notify staff who can fix the problem. An example would be the loss of a primary ISP connection.
2 CRIT Critical conditions. It should be corrected immediately, but indicates failure in a secondary system, an example is a loss of a backup ISP connection.
3 ERROR Error conditions. Non-urgent failures, these should be relayed to developers or admins; each item must be resolved within a given time.
4 WARNING Warning conditions. Warning messages, not an error, but an indication that an error will occur if action is not taken, e.g. file system 85% full each item must be resolved within a given time.
5 NOTICE Normal but significant condition. Events that are unusual but not error conditions might be summarized in an email to developers or admins to spot potential problems no immediate action is required.
6 INFO Informational messages. Normal operational messages may be harvested for reporting, measuring throughput, etc. no action is required.

Global Settings

From here, you can Enable or Disable the log settings for the Switch.

Click Apply to update the system settings.

Local Logging

The system Log is designed to monitor the operation of the switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems.

The switch supports log output in two directions: Flash and RAM. The information stored in the system's RAM log will be lost after the switch is rebooted or powered off, whereas the information stored in the system's Flash will be kept effective even if the switch is rebooted or powered off. The log has a fixed capacity; at a certain level, the Sophos switch will start deleting the oldest entries to make room for the newest.

Click the Apply button to accept the changes or the Cancel button to discard them.

Remote Logging

The internal log of the Sophos Switch has a fixed capacity; at a certain level, the Sophos switch will start deleting the oldest entries to make room for the newest. If you want a permanent record of all logging activities, you can set up your syslog server to receive log contents from the Sophos switch. Use this page to direct all logging to the syslog server. Click the Add button, define your syslog server, and select the severity level of events you wish to log.

Click the Apply button to accept the changes or the Cancel button to discard them.

Log table

This page displays the most recent records in the Switch's internal log. Log entries are listed in reverse chronological order (with the latest logs at the top of the list). Click a column header to sort the contents by that category.

Display logs in:

  • RAM: The information stored in the system’s RAM log will be lost after the Switch is rebooted or powered off.
  • Flash: The information stored in the system’s Flash will be kept effective even if the Switch is rebooted or powered off.

Export: Click the Export button to export the current buffered log to a .txt file.

Clear: Click the Clear button to clear the buffered log in the system's memory.