Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 1759 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG log to Syslog Parser files

Enz0h

Hello everyone, 

I need some help about the send the firewall logs to a syslog server. Currently noted that the logs sended by Sophos XG on the syslog are stored in a single file named "SFW.LOG", this is a bit unproductive because it not parsed by module or features, (IPS log, Fw log, email log, VPN-SSL log, etc).

 

 

 

I configured some profiles to send the logs to the syslog server from sophos. 5 profiles with different logs to send, but it not works and it's stored in a single file as mentioned:

 

 

I've disabled the options because when it's enabled the single log file increase too much (in 10 min log increase about 3 GB.... )

 

Any ideas how can resolve this?.....

 

Best regards!



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to KingChris

    Hello KingChris, this is not related to a communication problem between sophos and our Syslog server, the case is about why sophos is not sending the logs files separately, is only one file "SFW.LOG" with the entire logging and it increasing suprisingly fast!.

     

    We need a solution about how we can separate the logs by feature, a log for reverseproxy.log, firewall.log, ipsec.log, etc, etc....

     

    Waiting for replys

     

    Best regards!

  • 0 in reply to Enz0h

    Hi  

    Currently that is the way it works.

    If you would like the file to be shipped separately then you would have to open a feature request here: ideas.sophos.com.

    Thanks!