Sophos XG/XGS

NeQter Labs How to Guides

Sophos XG / XGS

Step 1:

Log in to NeQter and go to the NeQter Settings > Inputs page.

Step 2:

Click on the Add input button in the top right corner. Name your input, enter the IP Address of your Sophos XG/XGS device(s), and select Sophos XG as the value for the Manufacturer. Click Save to save your new input.

Step 3:

Enable Sophos integration by going to NeQter Settings > Dashboards, expand the Sophos dropdown, and toggle the desired Sophos capabilities to enable them. Save your changes at the top of the Dashboards panel by clicking Apply changes.

Step 4:

Log in to your Sophos XG/XGS device and navigate to System Services > Log Settings and click Add on the top right to add a new Syslog Forwarder.

Step 5:

Enter a name for the new Syslog Forwarder in the Name field, your neqter box IP address in the IP address field, 514 in the port field, and select your desired notification level. (We recommend the Notification level. Note: the Debug level has very high data output and can become noisy).

Click Save on the bottom left of the page.

Step 6:

In your Sophos XG/XGS device, go to the Log Settings > Log Settings section, select the logs you’d like sent from Sophos to your NeQter appliance and click Save.

Barring misconfigurations, traffic should be showing up in NeQter within an hour. To create a ticket for assistance, click here.