Splunk® Supported Add-ons

Splunk Add-on for Sophos

Download manual as PDF

Download topic as PDF

Configure Sophos Enterprise Console to produce syslog data for the Splunk Add-on for Sophos

The Splunk Add-on for Sophos can collect threat and operational event data from a Sophos Enterprise Console server by using a universal forwarder or by receiving the data over syslog. To use syslog over the network, install Sophos Reporting Interface and Sophos Reporting Log Writer on the Sophos Enterprise Console (SEC) server.

Note: This step is not necessary if you want to collect this data locally using a forwarder installed directly on the Sophos Enterprise Console.

Sophos does not log to disk by default. To configure Sophos to log to disk you must install the Sophos Reporting Interface and the Sophos Reporting Log Writer. See http://www.sophos.com/en-us/support/documentation/reporting-log-writer.aspx for more information.

For installation instructions, please refer to the Sophos website.

Last modified on 13 March, 2020
Install the Splunk Add-on for Sophos
Configure inputs for the Splunk Add-on for Sophos

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters