Sophos Astaro Security Gateway

The Sophos Astaro Security Gateway DSM for JSA accepts events by using syslog, enabling JSA to record all relevant events.

To configure syslog for Sophos Astaro Security Gateway:

  1. Log in to the Sophos Astaro Security Gateway console.

  2. From the navigation menu, select Logging > Settings.

  3. Click the Remote Syslog Server tab.

    The Remote Syslog Status window is displayed.

  4. From the Syslog Servers panel, click the + icon.

    The Add Syslog Server window is displayed.

  5. Configure the following parameters:

    1. Name - Type a name for the syslog server.

    2. Server - Click the folder icon to add a pre-defined host, or click + and type in a new network definition.

    3. Port - Click the folder icon to add a pre-defined port, or click + and type in a new service definition.

      By default, JSA communicates by using the syslog protocol on UDP/TCP port 514.

    4. Click Save.

  6. From the Remote syslog log selection field, you must select check boxes for the following logs:

    1. POP3 Proxy - Select this check box.

    2. Packet Filter - Select this check box.

    3. Packet Filter - Select this check box.

    4. Intrusion Prevention System - Select this check box.

    5. Content Filter(HTTPS) - Select this check box.

    6. High availability - Select this check box.

    7. FTP Proxy - Select this check box.

    8. SSL VPN - Select this check box.

    9. PPTP daemon - Select this check box.

    10. IPSEC VPN - Select this check box.

    11. HTTP daemon - Select this check box.

    12. User authentication daemon - Select this check box.

    13. SMTP proxy - Select this check box.

    14. Click Apply.

    15. From the Remote syslog status section, click Enable.

    You can now configure the log source in JSA.

  7. To configure JSA to receive events from your Sophos Astaro Security Gateway device: From the Log Source Type list, select Sophos Astaro Security Gateway.

Sophos Astaro Security Gateway Sample Event Messages

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Sophos Astaro Security Gateway Sample Messages When You Use the Syslog Protocol

Sample 1: The following sample event message shows that a web request is blocked.

Table 1: Highlighted values in the Sophos Astaro Security Gateway event

| JSA field name | Highlighted values in the event payload |
|----------------|------------------------------------------|
| Event ID       | 0002                                     |
| Source IP      | 10.112.47.87                             |
| Destination IP | 10.112.48.88                             |
| Username       | testUser                                 |
| Device Time    | 2019:06:20-04:12:39                      |

Sample 2: The following sample event message shows that a packet is dropped by the packet filter.

Table 2: Highlighted values in the Sophos Astaro Security Gateway event

| JSA field name   | Highlighted values in the event payload |
|------------------|------------------------------------------|
| Event ID         | 2001                                     |
| Source IP        | 10.112.2.39                              |
| Source Port      | 53                                       |
| Destination IP   | 10.112.47.75                             |
| Destination Port | 29366                                    |
| Device Time      | 2019:06:20-04:12:39                      |
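
To check a received message against the field values listed in the two tables, a small parser is enough. The following is an added example, not part of the original page or of JSA: the sample payloads are constructed, and the `key="value"` layout, the host and process names, and the key names (`id`, `srcip`, `srcport`, `dstip`, `dstport`, `user`) are assumptions, because the page's own sample payloads are not shown. It removes carriage return and line feed characters first, as the note above instructs.

```python
import re
from datetime import datetime

# Constructed samples (not from the page). They are wrapped mid-value on purpose,
# the way a payload copied from a formatted page can be.
SAMPLE_WEB = ('<30>2019:06:20-04:12:39 asg-test httpproxy[4242]: id="0002" '
              'severity="info" action="block" srcip="10.112.\r\n47.87" '
              'dstip="10.112.48.88" user="testUser"')
SAMPLE_PF = ('<30>2019:06:20-04:12:39 asg-test ulogd[4243]: id="2001" '
             'severity="info" action="drop" srcip="10.112.2.39" srcport="53" '
             'dstip="10.112.47.75" dstport="29\n366"')

# JSA field name (from the tables) -> payload key (assumed key names).
FIELD_MAP = {
    "Event ID": "id", "Username": "user",
    "Source IP": "srcip", "Source Port": "srcport",
    "Destination IP": "dstip", "Destination Port": "dstport",
}
# Optional syslog priority, then the device time as YYYY:MM:DD-HH:MM:SS.
HEADER = re.compile(r"^(?:<\d{1,3}>)?(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})\s")
PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_event(raw):
    """Return the JSA-named fields found in one Astaro-style syslog message."""
    # Remove CR/LF outright; replacing them with spaces would split wrapped values.
    line = raw.replace("\r", "").replace("\n", "")
    header = HEADER.match(line)
    if header is None:
        raise ValueError("message does not start with a device timestamp")
    pairs = dict(PAIR.findall(line))
    if "id" not in pairs:
        raise ValueError("message has no id= pair, so no Event ID can be mapped")
    event = {"Device Time": datetime.strptime(header.group(1), "%Y:%m:%d-%H:%M:%S")}
    for jsa_name, key in FIELD_MAP.items():
        if key in pairs:
            # Ports become integers; a non-numeric port raises ValueError.
            event[jsa_name] = int(pairs[key]) if key.endswith("port") else pairs[key]
    return event


if __name__ == "__main__":
    for sample in (SAMPLE_WEB, SAMPLE_PF):
        print(parse_event(sample))
```
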