Sophos Astaro Security Gateway

The Sophos Astaro Security Gateway DSM for IBM QRadar accepts events by using syslog, enabling QRadar to record all relevant events.

About this task

To configure syslog for Sophos Astaro Security Gateway:

Procedure

  1. Log in to the Sophos Astaro Security Gateway console.
  2. From the navigation menu, select Logging > Settings.
  3. Click the Remote Syslog Server tab.

    The Remote Syslog Status window is displayed.

  4. From the Syslog Servers panel, click the + icon.

    The Add Syslog Server window is displayed.

  5. Configure the following parameters:
    1. Name - Type a name for the syslog server.
    2. Server - Click the folder icon to add a pre-defined host, or click + and type in a new network definition.
    3. Port - Click the folder icon to add a pre-defined port, or click + and type in a new service definition.
      By default, QRadar communicates by using the syslog protocol on UDP/TCP port 514.
    4. Click Save.
  6. From the Remote syslog log selection field, you must select check boxes for the following logs:
    1. POP3 Proxy - Select this check box.
    2. Packet Filter - Select this check box.
    3. Intrusion Prevention System - Select this check box.
    4. Content Filter(HTTPS) - Select this check box.
    5. High availability - Select this check box.
    6. FTP Proxy - Select this check box.
    7. SSL VPN - Select this check box.
    8. PPTP daemon - Select this check box.
    9. IPSEC VPN - Select this check box.
    10. HTTP daemon - Select this check box.
    11. User authentication daemon - Select this check box.
    12. SMTP proxy - Select this check box.
    13. Click Apply.
    14. From the Remote syslog status section, click Enable.
    You can now configure the log source in QRadar.
  7. To configure QRadar to receive events from your Sophos Astaro Security Gateway device: From the Log Source Type list, select Sophos Astaro Security Gateway.