This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Syslog Stopping

I seem to be running into an issue where the remote logging stops at midnight. I can coax it back into working by stopping and restarting the remote logging within the web UI. But this leaves a gap from midnight until whenever I log in and restart. Any thoughts?

This thread was automatically locked due to age.

Parents

0 ToddMiller over 9 years ago

Switched from TCP to UDP and things look a bit more consistent.
Cancel
Vote Up 0 Vote Down

Cancel
0 c53f35a0 over 8 years ago in reply to ToddMiller

Would you mind sharing with me how you setup logging from Sophos UTM to Splunk? I tried contacting Sophos support but they told me SNMP is better without explaining how to configure anything.

I have a fresh Sophos UTM 9 and Splunk Enterprsie instance spinning but not sure how to correctly configure Splunk to ingest Sophos UTM logs.

I've tried the Splunk Add-on for Sophos but again, no details on how to setup UTM 9.

I'm currently trying to install and configure syslog-ng on the Splunk Enterprise instance but it feels like that is the wrong approach.

I just need to see an example...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 c53f35a0 over 8 years ago in reply to ToddMiller

Would you mind sharing with me how you setup logging from Sophos UTM to Splunk? I tried contacting Sophos support but they told me SNMP is better without explaining how to configure anything.

I have a fresh Sophos UTM 9 and Splunk Enterprsie instance spinning but not sure how to correctly configure Splunk to ingest Sophos UTM logs.

I've tried the Splunk Add-on for Sophos but again, no details on how to setup UTM 9.

I'm currently trying to install and configure syslog-ng on the Splunk Enterprise instance but it feels like that is the wrong approach.

I just need to see an example...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data