Forward Sophos (XG) Firewall logs
Configure the firewall to send logs by following this guide.
- For "IP address/domain" use the IP/domain of the collector machine
- For "Port" use 2516 (default for UDP) or another one that you have configured for the syslog connector
- Do not enable "Secure log transmission" for collector-based integration (you can use it for direct firewall-to-SIEM integration)
- For "Format" use "Device Standard Format"
Note
Make sure that all firewalls (including the firewall on the collector machine) allow connections to the collector port.
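To confirm that logs actually reach the collector port, the following added example (not part of the original guide) listens on UDP 2516, waits for one datagram, and lists the fields it carries. It assumes Device Standard Format is a run of key=value pairs with optionally quoted values; the sample line and its field names are constructed.

```python
import re
import socket

COLLECTOR_PORT = 2516  # UDP port from this page; change it if you configured another

# Assumption: Device Standard Format is key=value pairs, values optionally quoted.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample datagram, not captured from a real firewall.
SAMPLE = (b'<30>device="SFW" date=2024-01-01 time=12:00:00 log_id=010101600001 '
          b'log_type="Firewall" log_component="Firewall Rule" src_ip=192.0.2.10')

def parse_line(datagram: bytes) -> dict:
    """Drop an optional syslog <PRI> prefix and return the key/value fields."""
    text = datagram.decode("utf-8", errors="replace").strip()
    text = re.sub(r"^<\d{1,3}>", "", text)
    return {key: quoted or bare for key, quoted, bare in PAIR_RE.findall(text)}

def open_listener(host: str = "0.0.0.0", port: int = COLLECTOR_PORT) -> socket.socket:
    """Bind a UDP socket where the firewall is configured to send."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def receive_one(sock: socket.socket, timeout: float = 30.0):
    """Wait for one datagram; return (sender_ip, fields) or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (sender, _port) = sock.recvfrom(65535)
    except socket.timeout:
        return None
    return sender, parse_line(data)

def loopback_check():
    """Send SAMPLE to a listener on 127.0.0.1 to prove the receive code works."""
    with open_listener("127.0.0.1", 0) as rx, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(SAMPLE, rx.getsockname())
        return receive_one(rx, timeout=2.0)

if __name__ == "__main__":
    with open_listener() as sock:
        result = receive_one(sock)
    if result is None:
        print("No datagram in 30 s: check firewall rules on the path and on this host")
    else:
        print(f"Received from {result[0]} with fields: {sorted(result[1])}")
```

Run it on the collector machine while the syslog connector is stopped, since the script and the connector cannot both bind the same UDP port.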