This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG - Secure log transmission

Sophos User1909 7 months ago

Hi Team,

I want to send logs to a external syslog server hosted on Sumologic, to make sure that data is encrypted in transit I chose secure log transmission option but on the server end I can only see messages with question marks(?) and # and some other random values. Please look at sample messages below in screenshot :

My Firewall settings:

Facility : DAEMON

Severity level : Information

Syslog server settings:

Protocol : TCP/UDP (tried both the protocols one by one)

Port : 6514/514 (I tried both the ports one by one)

Destination IP : Public IP

Although I am seeing the required logs when secure log transmission option is disabled. Am i missing anything from my end?

This thread was automatically locked due to age.

Parents

0 H_Patel 7 months ago

Hi Sophos User1909

Thank you for reaching out to the Community!

Could you please try to change the Facility to LOCAL4 or Local7 and let us know if that makes any difference?

Also, try to change the log Format to "Central Reporting Formate" and let us know the result.

Thanks,

Harsh Patel (H_Patel)

Community Support Engineer | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' button.
Cancel
Up 0 Down

Cancel

Reply

0 H_Patel 7 months ago

Hi Sophos User1909

Thank you for reaching out to the Community!

Could you please try to change the Facility to LOCAL4 or Local7 and let us know if that makes any difference?

Also, try to change the log Format to "Central Reporting Formate" and let us know the result.

Thanks,

Harsh Patel (H_Patel)

Community Support Engineer | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' button.
Cancel
Up 0 Down

Cancel

Children

0 Sophos User1909 7 months ago in reply to H_Patel

Hi Team,

Thanks for the update. I am still seeing similar messages when secure log transmission is enabled.
Cancel
Up 0 Down

Cancel
0 H_Patel 7 months ago in reply to Sophos User1909

Hi Sophos User1909

Thank you for the update.

I would advise you to Open a Support Case and PM me the case number for further investigation.

Thanks,

Harsh Patel (H_Patel)

Community Support Engineer | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' button.
Cancel
Up 0 Down

Cancel
0 Sophos User1909 6 months ago in reply to H_Patel

Hi Team,

Any update on this?
Cancel
Up 0 Down

Cancel
0 H_Patel 6 months ago in reply to Sophos User1909

Hi Sophos User1909

Could you please provide the screenshot of the configuration from your remote logging server? What are the collectors running on your remote logging server?

Thanks,

Harsh Patel (H_Patel)

Community Support Engineer | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' button.
Cancel
Up 0 Down

Cancel
0 Sophos User1909 6 months ago in reply to H_Patel

We have installed the sumologic collector on a linux EC2 instance (AWS) and configured syslog server on collector from sumologic GUI as shown in the screenshot below:
Cancel
Up 0 Down

Cancel
0 Sophos User1909 6 months ago in reply to Sophos User1909

Hi Team,

Any update on this?
Cancel
Up 0 Down

Cancel
0 Sophos User1909 6 months ago in reply to Sophos User1909

Hi Team,

We have to move the logs for Sophos XG from one SIEM to another in the next few days, new siem is hosted on cloud which requires us to send logs to a public IP thereby requiring encryption in transit. I would appreciate it if the issue gets resolved as soon as possible.
Cancel
Up 0 Down

Cancel