Integrating with Sophos XG Firewall
Configuring the Syslog Server
This article provides information on how to set up the Sophos XG Firewall to send logs to Blumira’s sensor.
Log in to your Sophos XG Firewall and follow these steps:
- Go to System Services > Log Settings and click Add to configure a syslog server.
Configure the following log settings:
- Name: a name for the syslog server, such as “BlumiraSensor”
- IP Address: the IP address of the Blumira Sensor
- Port: 514, the port used to communicate with the Sensor
- Facility: leave the default of DAEMON; the facility generally does not affect the Blumira Sensor
- Severity Level: select Informational (you may want to move to Debug in the future, but Informational is a good starting point)
- Format: leave the default of Device Standard Format
- Click Save to save the new Blumira Sensor syslog server log settings
Sophos documentation on how to add a Syslog server: https://community.sophos.com/kb/en-us/123184
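As an added example (not Blumira or Sophos code), the Python check below decodes the syslog priority header of messages captured on the sensor side and compares it with the Facility (DAEMON) and Severity Level (Informational) chosen above. It assumes the firewall sends the standard <PRI> header (facility x 8 + severity) and that the selected level also includes the more severe levels; the sample lines and all function names are constructed for illustration.

```python
import re

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % n for n in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) from the <PRI> header, or None if absent."""
    match = PRI_RE.match(message)
    if not match or int(match.group(1)) > 191:
        return None
    pri = int(match.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def check_message(message, facility="daemon", level="informational"):
    """Compare one message with the facility and severity level configured."""
    decoded = decode_pri(message)
    if decoded is None:
        return "no-pri"                      # not a syslog datagram
    got_facility, got_severity = decoded
    if got_facility != facility:
        return "unexpected-facility:" + got_facility
    # Higher index means less severe; anything past the level should be absent.
    if SEVERITIES.index(got_severity) > SEVERITIES.index(level):
        return "below-threshold:" + got_severity
    return "ok"

def summarize(messages, **settings):
    """Count check results over a batch of captured messages."""
    counts = {}
    for message in messages:
        result = check_message(message, **settings)
        counts[result] = counts.get(result, 0) + 1
    return counts

# Constructed sample datagrams (payload text is a placeholder, not real logs).
SAMPLES = [
    "<30>constructed payload, daemon.informational",   # 3*8 + 6
    "<27>constructed payload, daemon.error",           # 3*8 + 3
    "<31>constructed payload, daemon.debug",           # 3*8 + 7
    "<134>constructed payload, local0.informational",  # 16*8 + 6
    "constructed payload without a priority header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_message(sample), "|", sample)
```

After moving the Severity Level to Debug, call check_message with level="debug" so debug messages count as expected.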
Specifying Logs
Next, specify which Sophos logs get sent to the Blumira sensor:
- Go to System Services > Log Settings
- Select all checkboxes under Syslog, except for any feature you do not need or are not licensed for.
- Ensure that the Log Traffic option is selected in the Firewall Rule; otherwise, traffic will not be logged.