
Sophos Central API/SIEM Script not working

Recently started working with the Sophos Central API and SIEM script provided by Sophos at

I am able to connect to the API and pull the logs into a local file but cannot get it to send to a remote Syslog.

This is the main reason for the script...

The error is below:

PS C:\Sophos-Central-SIEM-Integration-master> python .\siem.py
Config loaded, retrieving results for 'x-api-key: ######################'
Config retrieving results for 'Authorization: Basic ##################################################'
syslog is not supported on this platform

This is running on a Windows 10 machine with the correct version of Python.

Almost looks like it is looking for a local Syslog rather than the remote one specified?

Does this script intend to utilize a local syslog to forward to a remote one?

The config is:

[login]
# API Access URL + Headers
# API token setup steps: community.sophos.com/.../125169
token_info = url: api1.central.sophos.com/gateway, x-api-key: #####################, Authorization: Basic #########################


# format can be json, cef or keyvalue
format = json

# filename can be syslog, stdout, any custom filename
filename = syslog

# endpoint can be event, alert or all
endpoint = event

# syslog properties
# for remote address use <remoteServerIp>:<port>, for e.g. 192.1.2.3:514
# for linux local systems use /dev/log
# for MAC OSX use /var/run/syslog
address = ###.###.###.###:514
facility = user
socktype = udp
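
A way to check the `address`, `facility` and `socktype` settings from the config above independently of `siem.py`, as an added example that is not part of the original post or of the Sophos script. It uses Python's standard `logging.handlers.SysLogHandler`, which talks to a `host:port` target over an ordinary network socket; the function names and the sample event are hypothetical.

```python
import logging
import logging.handlers
import socket

# Maps the config's "socktype" value to a socket type (assumed values: udp, tcp).
SOCKTYPES = {"udp": socket.SOCK_DGRAM, "tcp": socket.SOCK_STREAM}


def parse_address(value):
    """'host:port' -> (host, port) for a remote server; otherwise a local socket path."""
    host, sep, port = value.strip().rpartition(":")
    if sep and port.isdigit():
        return (host, int(port))
    return value.strip()


def build_handler(address, facility="user", socktype="udp"):
    """Build a SysLogHandler from the three strings as they appear in the config."""
    return logging.handlers.SysLogHandler(
        address=parse_address(address),
        facility=logging.handlers.SysLogHandler.facility_names[facility],
        socktype=SOCKTYPES[socktype],
    )


def send_test_event(address, message, facility="user", socktype="udp"):
    """Send one message to the syslog target, then detach and close the handler."""
    logger = logging.getLogger("siem_syslog_check")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = build_handler(address, facility, socktype)
    logger.addHandler(handler)
    try:
        logger.info(message)
    finally:
        logger.removeHandler(handler)
        handler.close()


if __name__ == "__main__":
    # Constructed sample event; replace the address with the collector's <ip>:<port>.
    send_test_event("127.0.0.1:514", '{"type": "test", "source": "constructed"}')
```

With `facility = user` the datagram arrives at the collector prefixed with `<14>` (facility 1, severity info), which is a quick thing to look for in a packet capture or in the collector's raw input.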

