Syslog

About this task

The appliance can send log information to a syslog receiver for auditing and analysis. For detailed information about the syslog capabilities of the Sophos Email Appliance, see the SEA syslog information reference.

Note
If you are configuring appliances that are part of a cluster, each appliance’s syslog configuration must be appropriate for its specific location in your network.

To enable the appliance’s syslog facility:

Follow these steps

  1. Select the Enable Syslog check box.
  2. In the Hostname/IP text box, enter the address of the syslog receiver to which the appliance will send logs.
    Note
    If the syslog receiver becomes unavailable to the appliance, some log information may be dropped before the receiver becomes available again. The amount of information dropped depends on how long the receiver is unavailable and on the current mail volume. However, all logs will continue to be available in the appliance’s automatic backups, if these have been configured.
  3. In the Port text box, enter the port number that your syslog receiver uses. If there is a firewall between the appliance and the syslog receiver, ensure that it allows outbound access from the appliance to the syslog receiver on this port.
  4. Select a Protocol option button to choose whether the appliance sends syslog data using UDP (faster, but delivery is not guaranteed) or TCP (reliable delivery).
  5. Select the check box next to each log that you want to record:
    Note
    The Administrator audit log cannot be disabled. It provides information about login and authorization attempts.
    • System status log: Provides information about system status events.
    • SPX notice log: Provides a record of failed SPX password login, change, and recovery attempts by users of the SPX portal. This log is only relevant if you have SPX encryption enabled, and you are using the user registration method of password management. For more information, see “Choosing an SPX Password Method”.
    • Message policy log: Provides a log of all message policy events, as well as any additional values you have set by configuring additional policy message actions.
    • Mail transfer agent log: Provides information about email messages that the appliance has sent or received.
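
A receiver-side check for the dropped-log note in step 2, added here as an example and not part of the Sophos documentation: for each appliance it finds the periods in which no syslog message arrived, which are the windows to recover from the appliance's backups. The sender addresses, message bodies and the 10-minute quiet threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of what a collector recorded: (arrival time, sender IP,
# raw message). Addresses and bodies are placeholders, not appliance output.
SAMPLE = [
    ("2024-05-01T10:00:00", "192.0.2.10", "<134>placeholder"),
    ("2024-05-01T10:00:00", "192.0.2.11", "<134>placeholder"),
    ("2024-05-01T10:02:00", "192.0.2.10", "<134>placeholder"),
    ("2024-05-01T10:05:00", "192.0.2.11", "<134>placeholder"),
    ("2024-05-01T10:15:00", "192.0.2.10", "stray datagram, no PRI"),
    ("2024-05-01T10:30:00", "192.0.2.10", "<134>placeholder"),
    ("2024-05-01T10:31:00", "192.0.2.10", "<134>placeholder"),
]

_PRI = re.compile(r"^<(\d{1,3})>")

def decode_pri(raw):
    """Return (facility, severity) from the leading <PRI> field, or None."""
    m = _PRI.match(raw)
    if not m or int(m.group(1)) > 191:   # valid PRI range is 0..191
        return None
    return divmod(int(m.group(1)), 8)    # PRI = facility * 8 + severity

def silent_windows(records, max_quiet, end):
    """Per sender, list (start, stop) spans longer than max_quiet in which
    no valid syslog message arrived. `end` closes the observation period so
    a sender that went quiet and never resumed is still reported."""
    last_seen, gaps = {}, {}
    for ts, src, raw in sorted(records):
        if decode_pri(raw) is None:
            continue                     # not syslog: no proof of delivery
        t = datetime.fromisoformat(ts)
        prev = last_seen.get(src)
        if prev is not None and t - prev > max_quiet:
            gaps.setdefault(src, []).append((prev, t))
        last_seen[src] = t
    for src, prev in last_seen.items():
        if end - prev > max_quiet:
            gaps.setdefault(src, []).append((prev, end))
    return gaps

if __name__ == "__main__":
    found = silent_windows(SAMPLE, timedelta(minutes=10),
                           datetime(2024, 5, 1, 10, 35))
    for src, spans in sorted(found.items()):
        for start, stop in spans:
            print(f"{src}: no syslog from {start} to {stop}")
```

In a cluster, run the check per appliance address, since each appliance sends its own logs and can lose contact with the receiver independently.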

What to do next

After you have made any necessary changes, you can:

  • Click Apply to save your changes.
  • Click Cancel to discard your changes.
  • Select the Email, Support or SNMP tab to configure additional options.