SOPHOS AV
Configure Syslog Server:
Step 1: Configure Syslog Server
Go to Logs & Reports > Configuration > Syslog Server and click Add to configure the syslog server according to parameters given below.
Enter server details.
Name
Enter a unique name for the syslog server.
IP Address / Domain
Specify the IP address (IPv4 / IPv6) or domain name of the syslog server. Logs from the device will be sent to the server.
Port
Specify the port number for communication with the syslog server. The device will send logs using the configured port.
Facility
Select the syslog facility for logs to be sent to the syslog server.
Facility indicates to the syslog server the source of a log, such as the operating system, a process or an application. It is defined by the syslog protocol.
The device supports several syslog facilities for received logs.
Available Options:
DAEMON - Daemon logs (information of services running in the device as daemons).
KERNEL - Kernel log.
LOCAL0 - LOCAL7 - Log level information.
USER - Logging based on users who are connected to the server.
Severity Level
Specify the severity level of logs.
Severity level is the severity of the log that has been generated.
The device logs all messages at and above the logging severity level you select. For example, select ERROR to log all messages tagged as ERROR, as well as any messages tagged CRITICAL, ALERT and EMERGENCY; select DEBUG to log all messages.
The device supports the following severity levels:
EMERGENCY - System is not usable
ALERT - Action must be taken immediately
CRITICAL - Critical condition
ERROR - Error condition
WARNING - Warning condition
NOTIFICATION - Normal but significant condition
INFORMATION - Informational
DEBUG - Debug level messages
Format
The device produces logs in the specified format. The device currently produces logs in device standard format.
Click OK to save the configuration. Note: Repeat the above steps if you want to add multiple syslog servers. A maximum of five syslog servers can be added.
Step 2: Specify Logs to be Stored in Syslog Server
Go to Logs & Reports > Configuration > Log Settings and specify the kinds of logs to be recorded in the syslog server configured in Step 1. Select the check box against each required type of log.
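To check at the syslog server that incoming messages match the Facility and Severity Level selected in Step 1, the following added example (not part of the original page or the vendor's documentation) decodes the syslog PRI header, which the syslog protocol defines as facility × 8 + severity. It assumes the device prefixes each message with a standard `<PRI>` header; the function names and the sample lines are constructed for illustration.

```python
import re

# Names as used on this page, ordered/keyed by their syslog protocol codes.
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTIFICATION", "INFORMATION", "DEBUG"]
FACILITIES = {0: "KERNEL", 1: "USER", 3: "DAEMON",
              **{16 + n: f"LOCAL{n}" for n in range(8)}}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_name, severity_name) for a '<PRI>'-prefixed line, else None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES.get(facility, f"OTHER({facility})"), SEVERITIES[severity]


def audit(lines, facility, threshold):
    """List lines that do not match the facility / severity level set on the device."""
    limit = SEVERITIES.index(threshold)
    findings = []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            findings.append((line, "no valid PRI header"))
        elif decoded[0] != facility:
            findings.append((line, f"unexpected facility {decoded[0]}"))
        elif SEVERITIES.index(decoded[1]) > limit:
            findings.append((line, f"{decoded[1]} is below the {threshold} threshold"))
    return findings


# Constructed sample lines (not real device output).
SAMPLE = [
    "<27>constructed message: daemon, error",         # 3 * 8 + 3
    "<26>constructed message: daemon, critical",      # 3 * 8 + 2
    "<30>constructed message: daemon, information",   # 3 * 8 + 6
    "<134>constructed message: local0, information",  # 16 * 8 + 6
    "constructed message without a PRI header",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE, "DAEMON", "ERROR"):
        print(f"{reason}: {line}")
```

A finding for a message below the selected threshold or from another facility means the device setting differs from what the collector expects, or that a different sender is writing to the same port.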