sophos XG with siem (wazuh/ELK)

Question

hi,
i have a opensource siem (Wazuh/ELK), i want to configure sophos XG with it. can you please advise me how to do it?
i try to configure syslog on sophos XG for that siem server. but siem does not show any logs on it. can you please
guide me for this?

This thread was automatically locked due to age.

FormerMember · Answer

Hey Malik, Thanks for reaching out to Sophos Community.

Verify your Syslog Configurations once again with this here: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/tasks/SyslogServerAdd.html

If the configurations seem correct, Then you can check for the packet capture on port 514 UDP.

Get the SSH Access, navigate to [Option 4 > Console] and run the command --> tcpdump -nei any 'port 514

This will show the syslog traffic sent out to your SIEM server. Cross-verify the destination IP address with your SIEM's IP address

If this is configured to not use encryption, You can also take a PCAP and explore the SYSlog details in the Wireshark.

sophos XG with siem (wazuh/ELK)

Top Replies