How to configure Syslog Server to send Sophos Firewall logs to ManageEngine Eventlog

1.The purpose of the article

In this article, techbast will show you how to configure the Syslog server to save all logs on the Sophos firewall device to the Syslog server.

In this article, the Syslog server that techbast uses is the ManageEngine Eventlog.

2.Diagram

Details:

  • The internet connection is on port 2 of the Sophos XG Firewall device, with IP 192.168.2.120.
  • The LAN is configured on port 1 of the Sophos XG Firewall device with IP 10.145.41.1/24, and a DHCP server allocates IPs to connected devices.
  • Finally, the server with IP 10.145.41.11/24 is connected to port 1. ManageEngine Eventlog Analyzer, the software that collects, manages and analyzes logs, is installed on this server.

3.Scenario

Techbast will configure the Syslog server on the Sophos XG firewall device so that the device sends its own log to the ManageEngine Eventlog Analyzer software installed on the server.

4.What to do?

  • Configure Syslog Server on Sophos XG
  • Configure the device on the ManageEngine server
  • Result

5.Configuration

5.1.Configure Syslog Server on Sophos XG

To configure this, we need to log in to the firewall’s admin page with admin rights.

Next, go to System services > Log settings > click Add.

Configure according to the following parameters:

  • Name: Manageengine
  • IP address / Domain: enter 10.145.41.11 (the IP of the server)
  • Port: 513
  • Facility: select DAEMON
  • Severity level: select Information
  • Format: Device Standard Format
  • Click Save

After the Syslog server has been saved, look at the Log Settings section below it, where the Syslog server ManageEngine now appears.

This is where you choose which types of log will be sent to the ManageEngine server.

Here techbast will check all.

After selecting, click Apply.

5.2.Configure the device on the ManageEngine server

We will return to the server and access the management page of the ManageEngine Eventlog Analyzer software.

We go to Settings > Configuration > Manage Devices > Syslog Devices.

We will see that the Sophos device has been automatically added to Syslog Devices.

We can edit the parameters of this device by clicking on the pencil icon on the device.

The Update Device panel appears, here I will rename the Display Name to Sophos XG Firewall and click Update.

5.3.Result

To check if the ManageEngine Eventlog software has received the log from the Sophos device, go to Reports > Devices > select the down arrow icon > select Sophos.

The software will now display all logs received from the Sophos firewall device.
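To double-check the result outside the ManageEngine interface, the following added example (not part of the original article) audits syslog payloads captured on the server: it decodes the PRI header to confirm the DAEMON facility and the Information threshold set in 5.1, and counts messages per log type. It assumes the Device Standard Format is a `<PRI>` header followed by key=value pairs with a `log_type` field, and that the Information setting forwards that level and anything more severe; the sample payloads are constructed.

```python
import re
from collections import Counter

DAEMON, INFO = 3, 6                      # standard syslog facility / severity codes
PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')   # key="quoted value" or key=bare

def parse(datagram: bytes) -> dict:
    """Split one syslog payload into facility, severity and key=value fields."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)   # PRI = facility*8 + severity
    fields = {k: q if q else u for k, q, u in KV_RE.findall(text[m.end():])}
    return {"facility": facility, "severity": severity, "fields": fields}

def audit(datagrams, type_field="log_type"):
    """Return (problems, per-type counts); type_field is an assumed field name."""
    problems, seen = [], Counter()
    for i, raw in enumerate(datagrams):
        try:
            msg = parse(raw)
        except ValueError as exc:
            problems.append(f"#{i}: {exc}")
            continue
        if msg["facility"] != DAEMON:
            problems.append(f"#{i}: facility {msg['facility']}, expected {DAEMON} (DAEMON)")
        if msg["severity"] > INFO:   # higher number = less severe
            problems.append(f"#{i}: severity {msg['severity']} is less severe than Information")
        seen[msg["fields"].get(type_field, "<none>")] += 1
    return problems, seen

# Constructed sample payloads (not real firewall output).
SAMPLE = [
    b'<30>device="SFW" date=2024-01-01 time=10:00:00 log_type="Firewall" status="Allow" src_ip=10.145.41.50',
    b'<30>device="SFW" date=2024-01-01 time=10:00:05 log_type="Event" log_component="GUI" status="Successful"',
    b'<14>device="SFW" date=2024-01-01 time=10:00:09 log_type="Firewall" status="Deny"',  # wrong facility
    b'device="SFW" log_type="Firewall"',                                                   # no PRI header
]

if __name__ == "__main__":
    problems, seen = audit(SAMPLE)
    print(dict(seen))
    print(*problems, sep="\n")
```

A log type that was checked in Log Settings but never shows up in the counts is the first thing to investigate.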
