
# Sophos XG Firewalls Syslog

### Integrate Sophos XG firewall

Follow the instructions below to integrate the Sophos firewall.

1. Go to System Services > Log Settings and click Add to configure a syslog server.
2. Enter a Name for the syslog server.
3. Enter the IP Address of the syslog server. Messages from the device will be sent to this IP address.
4. Enter the Port number that the device will use to communicate with the syslog server. The device sends its messages to this port.

   **Note**: Firewall Analyzer uses 1514 as the default syslog server port. Enter the port number provided by BluSapphire here.
5. Select the Facility from the available options. As an example, we have selected the default value, DAEMON.

**Note**: Facility informs the syslog server (LC) of the log message's source. It is defined by the syslog protocol. You can configure the facility to distinguish log messages from different devices. This parameter helps you identify the device that recorded a specific log file.

Available options:

* DAEMON (Default): Information on the services running in the device as daemon.
* KERNEL: Kernel log.
* LOCAL0 - LOCAL7: Log level information.
* USER: Logging based on users who are connected to the Server.

6. Select the Severity Level from the available options. Severity level is the severity of the message that has been generated. The firewall logs all messages with a severity level equal to or greater than the level you select. For example, select Error to log all messages tagged as Error as well as any messages tagged with Critical, Alert and Emergency. Select Debug to log all messages.

Available options:

* Emergency (Default): The System is not usable.
* Alert: Action must be taken immediately.
* Critical: Critical problem/error.
* Error: An Error has occurred.
* Warning: Warning of a problem/error.
* Notification: Normal, but significant.
* Information: Informational.
* Debug: Debug-level messages.

7. Select the Format from the available options. Currently, the firewall can only produce logs in its own standard format.

![sophos-xg-syslog](/files/u8tywUlHLvpV5T0N2k5I)

8. Click **Save** to save the configuration.

Once you have added the server, go to the **System > System Services > Log Settings** page and, in the **Log Settings** section, enable all the logs that are to be sent to the syslog server.
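A collector-side check for the Facility and Severity Level settings above, as an added example that is not part of the original guide or of BluSapphire's tooling: it decodes the syslog `<PRI>` prefix (facility × 8 + severity) of received lines and flags any that contradict what was configured on the firewall. It assumes messages arrive with the standard `<PRI>` prefix; the function names and sample lines are constructed for illustration.

```python
import re

# Syslog facility codes for the options this page lists.
FACILITIES = {0: "KERNEL", 1: "USER", 3: "DAEMON",
              **{16 + n: f"LOCAL{n}" for n in range(8)}}
# Severity codes 0-7, named as on this page; a lower code is more severe.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notification", "Information", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI> field."""
    match = PRI_RE.match(line)
    if not match or int(match.group(1)) > 191:
        raise ValueError("missing or invalid syslog <PRI> header")
    facility, severity = divmod(int(match.group(1)), 8)
    return FACILITIES.get(facility, f"facility-{facility}"), SEVERITIES[severity]

def sent_at_level(selected, severity):
    """True if `severity` is forwarded when `selected` is the configured level."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(selected)

def audit(lines, expected_facility, selected_level):
    """Return (line, reason) pairs that contradict the firewall settings."""
    problems = []
    for line in lines:
        try:
            facility, severity = decode_pri(line)
        except ValueError as exc:
            problems.append((line, str(exc)))
            continue
        if facility != expected_facility:
            problems.append((line, f"facility {facility}, expected {expected_facility}"))
        elif not sent_at_level(selected_level, severity):
            problems.append((line, f"{severity} is below the {selected_level} threshold"))
    return problems

# Constructed sample lines (not real firewall output); PRI = facility * 8 + severity.
SAMPLE = [
    "<27>constructed message A",   # DAEMON (3) * 8 + Error (3)
    "<24>constructed message B",   # DAEMON (3) * 8 + Emergency (0)
    "<30>constructed message C",   # DAEMON (3) * 8 + Information (6)
    "<131>constructed message D",  # LOCAL0 (16) * 8 + Error (3)
    "constructed message with no header",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE, "DAEMON", "Error"):
        print(f"{reason}: {line}")
```

A line flagged here after the firewall was set to DAEMON and Error points to a second sender on the same port or to a setting that was not saved.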

### Enable Traffic Logging

1. **Enable firewall traffic logs**:

* Go to **Firewall > Edit Firewall Rule** to view the status of logging and security policies.
* Enable logging of firewall traffic in the Log Traffic section. This ensures that traffic passing through the firewall rule is logged and can be viewed in Log Viewer.
* We recommend you enable logging for all firewall rules.

![](/files/QVacYGCinZO1RzRqbli5)

2. **Apply Security Policies**\
   Set security policies to **Allow All**, **Default Policies**, or a custom policy so that logs are generated. If the security policies are set to **None**, logs may not be generated.
3. **Enable Local Logging**\
   Go to **Configure > System Services > Log Settings** and select the checkbox **Log Type (System)** to enable local logging. We recommend you enable logging for all modules.

![](/files/agWLGLvz4MU0GZ5pDtoC)
