Link
Search

image

NeQter Labs How to Guides

Sophos XG / XGS

Step 1:

Login to the NeQter and go to the NeQter Settings > Inputs page.

Step 2:

Add in the IP Address of your Sophos XG/XGS device(s), the label can be anything you prefer and have the manufacturer be selected as Sophos XG.

Step 3:

Go to NeQter Settings > Dashboards and enabled Sophos XG if not done so already.

Step 4:

Logon to your Sophos XG/XGS device and navigate to System Services > Log Settings, click Add on the top right to add in a Syslog Forwarder.

image

Step 5:

Put down a name to identify where it’s sending to (can be whatever, if you have no ideas, call it neqter), put down the ip of the neqter ip address for the ip, have the port be 514 and then select the notification level (We recommend notifications, although feel free to go with a lower or higher syslog level, just be very careful with debug as it can send millions of logs with very little input required).

Once finished, click Save on the bottom left of the page.

image

Step 6:

On the Log Settings page, under the the section of the same name, click on what logs you’d like sent from Sophos over to neqter and click Save once you have all the logs you’d like sent selected.

Assuming network traffic isn’t blocked by any firewalls or misconfigurations traffic should be showing up on NeQter within an hour. Please create a ticket here if further help is needed.