
sophos XG with siem (wazuh/ELK)

Hi,
I have an open-source SIEM (Wazuh/ELK) and I want to configure Sophos XG with it. Can you please advise me how to do it?
I tried to configure syslog on Sophos XG for that SIEM server, but the SIEM does not show any logs. Can you please
guide me on this?


Top Replies

  • FormerMember

    Hey Malik, thanks for reaching out to the Sophos Community.

    Verify your syslog configuration once again against this guide: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/tasks/SyslogServerAdd.html

    If the configuration seems correct, then you can check with a packet capture on UDP port 514.

    Get SSH access, navigate to [Option 4 > Console] and run the command --> tcpdump -nei any 'port 514'

    This will show the syslog traffic sent out to your SIEM server. Cross-verify the destination IP address with your SIEM's IP address.

    If this is configured not to use encryption, you can also take a PCAP and explore the syslog details in Wireshark.

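As an added troubleshooting aid that is not part of the reply above or of Sophos' own tooling: this Python script parses the IPv4/UDP part of tcpdump output lines (the kind the tcpdump command in the reply prints) and reports whether the syslog datagrams actually go to the SIEM's IP and port, so a mistyped syslog server address or port stands out. The capture lines and the 192.0.2.x addresses are constructed samples; the SIEM address and port are assumptions passed in as parameters.

```python
import re
from typing import Iterable

# Matches the IPv4/UDP part of a tcpdump line; this part is stable across
# tcpdump versions even though the -e link-layer prefix on "any" varies.
UDP_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)

def parse_udp_line(line: str):
    """Return (src, sport, dst, dport, length) for a UDP line, else None."""
    m = UDP_RE.search(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["len"]))

def audit_syslog_capture(lines: Iterable[str], siem_ip: str, siem_port: int = 514):
    """Count datagrams that reached the expected SIEM address/port and list
    every other destination seen, so a wrong IP or port in the firewall's
    syslog server entry is visible at a glance."""
    report = {"to_siem": 0, "other_destinations": {}, "parsed": 0}
    for line in lines:
        rec = parse_udp_line(line)
        if rec is None:          # non-UDP lines (ICMP, TCP, ARP) are skipped
            continue
        report["parsed"] += 1
        _src, _sport, dst, dport, _length = rec
        if dst == siem_ip and dport == siem_port:
            report["to_siem"] += 1
        else:
            key = f"{dst}:{dport}"
            report["other_destinations"][key] = report["other_destinations"].get(key, 0) + 1
    return report

# Constructed sample capture lines (not real traffic): two datagrams go to the
# intended SIEM, one to a mistyped IP, one to the wrong port, plus one ICMP line.
SAMPLE_CAPTURE = """\
10:01:02.100001 Out 00:1a:8c:00:00:01 ethertype IPv4 (0x0800), length 260: 192.0.2.1.41234 > 192.0.2.50.514: UDP, length 218
10:01:02.200002 Out 00:1a:8c:00:00:01 ethertype IPv4 (0x0800), length 244: 192.0.2.1.41234 > 192.0.2.50.514: UDP, length 202
10:01:03.300003 Out 00:1a:8c:00:00:01 ethertype IPv4 (0x0800), length 240: 192.0.2.1.41234 > 192.0.2.55.514: UDP, length 198
10:01:03.400004 Out 00:1a:8c:00:00:01 ethertype IPv4 (0x0800), length 240: 192.0.2.1.41234 > 192.0.2.50.1514: UDP, length 198
10:01:04.500005 In 00:1a:8c:00:00:02 ethertype IPv4 (0x0800), length 98: 192.0.2.9 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    print(audit_syslog_capture(SAMPLE_CAPTURE, siem_ip="192.0.2.50"))
```

Pipe the real capture into the script instead of the sample (e.g. feed `sys.stdin` to `audit_syslog_capture`), and pass `siem_port` if the SIEM's syslog listener is not on 514.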