Add a syslog server
Add a syslog server and specify the settings.
To add a syslog server and configure the syslog settings, do as follows:
- Go to System services > Log settings and click Add.
- Enter a name.
Specify the settings.
Option Description IP address/domain IP address or domain name of the syslog server. Logs are sent to this server. Secure log transmission Encrypts logs sent to the syslog server using TLS. Port Port number for communication with the syslog server. Facility Facilities reflect the names of processes and daemons, and inform the syslog server of the origin of the log.
- DAEMON: Processes running as daemon service
- KERNEL: Kernel processes
- USER: Processes started by signed-in users
- LOCAL0-LOCAL7: You can use these for your own purposes.
Example: If you configure LOCAL1 for firewall 1 and LOCAL2 for firewall 2, the syslog server receives the respective facility value along with the log.
Severity level Minimum severity level of messages reported. Sophos Firewall logs all messages with a severity level equal to or greater than the level you select. For example, select Error to log all messages tagged as error and all messages tagged as critical, alert, and emergency. Select Debug to include all messsages. Alert means that action must be taken immediately. This has a higher severity level than Critical. Format Log format. Choose one of the following options:
Device Standard Format: Logs generated from Sophos Firewall modules aren't in standard syslog format, so the number of data fields in the logs for each module differs. You can use this option when you send logs to any third-party syslog server.
Central Reporting Format: Logs generated from Sophos Firewall modules are in standard syslog format. You can use this option when you send logs to Central reporting or any third-party syslog server. This format is the default option when you configure Central reporting, and you can't change it.
The image below shows the settings you can configure. Note that you can only turn Secure log transmission on or off.
- Go to Log settings and select the logs you want to send to the syslog server.