Hi all,
Got an XGS FW and just wondering if it supports sending logs to an rsyslog server. If it does, can I have it save logs to the FW plus forward the logs as well to the rsyslog server?
Thanks,
Rob
Hello there,
So either format would work, the only difference is how it’ll be shown to you in your Syslog:
Device Standard Reporting
<29>device="SFW" date=2022-06-23 time=12:42:28 timezone="PDT"…
OK, I googled it and it's here:
https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SystemServices/LogSettings/SyslogServerAdd/index.html
But I'm confused, what do I choose for facility and format?
It's an Ubuntu 20.04 with rsyslog, so I imagine I choose "central reporting format"?
<29>device="SFW" date=2022-06-23 time=12:42:28 timezone="PDT" device_name="XG125" device_id=C1A0AXXXXXXX log_id=062009517504 log_type="Event" log_component="GUI" log_subtype="Admin" status="Successful" priority=Notice user_name="admin" src_ip=172.16.15 172.16.15.254 23/06 12:42:30.577
Central Reporting
<29>device_name="SFW" timestamp="2022-06-23T12:43:38-0700" device_model="XG125" device_serial_id="C1A0AXXXXXXX" log_id="062009517504" log_type="Event" log_component="GUI" log_subtype="Admin" status="Successful" severity="Notice" log_version=1 user_name 172.16.15.254 23/06 12:43:40.669
Thanks, and what about facility?
Hello,
DAEMON is the most used with Debug as severity, but this might cause a lot of logs, or you can try Notification.
Regards,
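For anyone consuming these logs on the rsyslog host, here is an added example (not part of the original posts and not Sophos code) that decodes the `<29>` prefix into facility and severity and maps both formats onto the same field names. The helper `parse` and the normalized key names are hypothetical; the sample lines are the two quoted in the thread, cut after the last complete field.

```python
import re

# Syslog facility and severity names by numeric code (RFC 5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI = re.compile(r"<(\d{1,3})>")
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

# Constructed samples based on the two lines quoted in the thread.
STANDARD = ('<29>device="SFW" date=2022-06-23 time=12:42:28 timezone="PDT" '
            'device_name="XG125" device_id=C1A0AXXXXXXX log_id=062009517504 '
            'log_type="Event" log_component="GUI" log_subtype="Admin" '
            'status="Successful" priority=Notice user_name="admin"')
CENTRAL = ('<29>device_name="SFW" timestamp="2022-06-23T12:43:38-0700" '
           'device_model="XG125" device_serial_id="C1A0AXXXXXXX" '
           'log_id="062009517504" log_type="Event" log_component="GUI" '
           'log_subtype="Admin" status="Successful" severity="Notice" log_version=1')


def parse(line):
    """Hypothetical helper: decode PRI and normalize either format."""
    m = PRI.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    f = {k: quoted or bare for k, quoted, bare in PAIR.findall(line[m.end():])}
    central = "timestamp" in f  # only the Central Reporting sample carries it
    when = f["timestamp"] if central else " ".join(
        f.get(k, "") for k in ("date", "time", "timezone"))
    return {
        "format": "central" if central else "standard",
        "facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "when": when,
        # In the samples, device_name is the model in one format, "SFW" in the other.
        "model": f.get("device_model") if central else f.get("device_name"),
        "serial": f.get("device_serial_id") if central else f.get("device_id"),
        "level": f.get("severity") if central else f.get("priority"),
        "fields": f,
    }


if __name__ == "__main__":
    for sample in (STANDARD, CENTRAL):
        r = parse(sample)
        print(r["format"], r["facility"], r["severity"], r["model"], r["when"])
```

Both samples decode to facility daemon and severity notice, so a filter on the rsyslog side that keys on facility sees the same thing whichever format is chosen on the firewall.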
Would I need to create a firewall rule for this as well, so the FW can talk to the log server?
LOL, I forgot to tick the boxes after I added my syslog server. A new column came up and I had to tick what info I wanted it to send to the log server.