I want to send logs to a external syslog server hosted on Sumologic, to make sure that data is encrypted in transit I chose secure log transmission option but on the server end I can only see messages with question marks(?) and # and some other random values. Please look at sample messages below in screenshot :
My Firewall settings:
Facility : DAEMON
Severity level : Information
Syslog server settings:
Protocol : TCP/UDP (tried both the protocols one by one)
Port : 6514/514 (I tried both the ports one by one)
Destination IP : Public IP
Although I am seeing the required logs when secure log transmission option is disabled. Am i missing anything from my end?
Hi Sophos User1909
Thank you for reaching out to the Community!
Could you please try to change the Facility to LOCAL4 or Local7 and let us know if that makes any difference?
Also, try to change the log Format to "Central Reporting Formate" and let us know the result.
Community Support Engineer, Support & Services | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Thanks for the update. I am still seeing similar messages when secure log transmission is enabled.
Thank you for the update.
I would advise you to Open a Support Case and PM me the case number for further investigation.
Any update on this?
Could you please provide the screenshot of the configuration from your remote logging server? What are the collectors running on your remote logging server?
We have installed the sumologic collector on a linux EC2 instance (AWS) and configured syslog server on collector from sumologic GUI as shown in the screenshot below:
We have to move the logs for Sophos XG from one SIEM to another in the next few days, new siem is hosted on cloud which requires us to send logs to a public IP thereby requiring encryption in transit. I would appreciate it if the issue gets resolved as soon as possible.