Syslog is a protocol for collecting and forwarding messages from many devices to a server running a syslog daemon, usually over UDP port 514. The syslog server is a remote computer running that daemon. Logging to a central syslog server helps collect logs and alerts in one place. A syslog service simply accepts messages and stores them in files or prints them. This form of logging is the best choice, as it provides a central logging facility and long-term protected storage for logs, which is useful in both routine troubleshooting and incident handling.
Sophos Firewall (SF) can send detailed logs to, and store them on, an external syslog server. Syslog support requires an external server running a syslog daemon on any of the UDP ports. The device supports a maximum of five syslog servers.
Applies to the following Sophos products and versions: Sophos Firewall
You can configure a syslog server in Sophos Firewall by following the instructions below.
Note: Facility informs the syslog server of the log message's source. It is defined by the syslog protocol. You can configure the facility to distinguish log messages from different devices. This parameter helps you identify the device that recorded a specific log file.
Go to System Services > Log Settings and click the checkbox next to the required log types for them to be recorded in the syslog servers.
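The facility described in the note above travels in the PRI header at the start of each syslog message (PRI = facility × 8 + severity, per RFC 5424). The following added example, which is not Sophos code, decodes that header on the collector side and groups messages by the firewall assigned to each facility; the device names, the facility-to-device mapping and the sample messages are constructed assumptions.

```python
import re
from collections import defaultdict

# Facility codes 16-23 are local0-local7 (RFC 5424, section 6.2.1).
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumption: the administrator assigned one facility per firewall.
# These device names are hypothetical.
FACILITY_TO_DEVICE = {"local0": "fw-hq", "local1": "fw-branch"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode(datagram: bytes):
    """Return (facility, severity, text), or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    name = FACILITIES.get(facility, f"facility{facility}")
    text = datagram[m.end():].decode("utf-8", errors="replace")
    return name, SEVERITIES[severity], text

def route(datagrams):
    """Group messages per device; bad input and unmapped facilities stay visible."""
    buckets = defaultdict(list)
    for d in datagrams:
        parsed = decode(d)
        if parsed is None:
            buckets["_malformed"].append(d)
            continue
        facility, severity, text = parsed
        device = FACILITY_TO_DEVICE.get(facility, "_unassigned")
        buckets[device].append((severity, text))
    return dict(buckets)

# Constructed sample datagrams (not real firewall output).
SAMPLES = [
    b"<134>Jan 10 10:00:01 fw1 firewall rule=5 action=allow",  # 16*8+6
    b"<140>Jan 10 10:00:02 fw2 ips signature matched",         # 17*8+4
    b"<30>Jan 10 10:00:03 host daemon started",                # 3*8+6
    b"<999>bad priority",
    b"no priority header",
]

if __name__ == "__main__":
    for device, msgs in route(SAMPLES).items():
        print(device, msgs)
```

Messages that land in `_unassigned` or `_malformed` are worth reviewing, since they come from a sender whose facility was not configured as expected or from something that is not speaking syslog at all.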