Native support for Syslog
The Sophos Enterprise Console needs the native capability to generate Syslog messages in response to system events and security incidents.
Many IT organizations rely on Syslog to transmit event messages to other applications for further processing, such as centralized log storage, forensic log analysis, IT help desk, incident response, audit, etc.
When integrating Syslog events with a SIEM or log management tool, the tool receiving the events usually needs to normalize the data into its expected format. When creating a Syslog capability, it would be helpful if all of the event IDs were documented so that customers could create the necessary data mappings using their log management tool.
Have you evaluated using the Sophos Reporting Log Writer?
While this does not write directly to syslog, it is the supported mechanism for integrating the log information with SIEM products.
Note that Splunk Docs also has some references on configuration for use with SEC.
+1, Sophos is lagging when it comes to logging.
Jon Sundquist commented
I agree, please add the ability to send events/logs to SYSLOG natively from the SEC console. This feature would be very beneficial.
We really need this feature to be implemented in Sophos, please make this a priority. Also give us an option to choose the time zone instead of the default UTC like in the Sophos Log Writer!
This is definitely a good idea. Sophos has a Log Writer, but it's a file-based application, and then you need to pick up logs from the hard drive; not the best and fastest way of doing things.
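As an added illustration of the two points raised in this thread (the event-ID mapping the original post asks for, and the file-based Log Writer output that several replies say has to be picked up from disk and shipped to syslog), here is a small forwarder written for this page. It is not Sophos code and not the Log Writer's real file format: the tab-separated sample lines, the numeric event IDs, the catalogue mapping them to names, categories and severities, and the `sec@32473` structured-data ID (32473 is the enterprise number reserved for documentation examples) are all constructed for the example. It shows why a documented event-ID catalogue matters: with one, each event becomes a self-describing RFC 5424 message a SIEM can key on; without one, the event still has to be forwarded, tagged as unmapped rather than silently dropped.

```python
import socket
from typing import Dict, List, Tuple

# Constructed sample input for this example. It is NOT real Sophos Enterprise
# Console or Sophos Reporting Log Writer output; the layout (timestamp, event ID,
# endpoint, free-text detail, tab-separated) and the event IDs are placeholders.
SAMPLE_LOG_LINES: List[str] = [
    "2024-05-01T10:15:00Z\t1001\tWS-017\tThreat detected: EICAR-AV-Test",
    "2024-05-01T10:15:02Z\t1002\tWS-017\tThreat cleaned up",
    "2024-05-01T10:20:00Z\t2001\tWS-042\tUpdate failed: server \"upd-01\" unreachable",
    "2024-05-01T10:21:00Z\t9999\tWS-042\tEvent with no catalogue entry",
    "this line has no tab separators and must not be forwarded as-is",
]

# Hypothetical event-ID catalogue. This is the kind of documented mapping the
# request asks the vendor to publish; a SIEM team would fill it from vendor docs.
# Severity values are RFC 5424 numeric severities (0 emerg ... 7 debug).
EVENT_CATALOGUE: Dict[int, Dict[str, object]] = {
    1001: {"name": "threat_detected", "category": "malware", "severity": 2},
    1002: {"name": "threat_cleaned", "category": "malware", "severity": 5},
    2001: {"name": "update_failed", "category": "availability", "severity": 4},
}

FACILITY_LOCAL0 = 16   # syslog facility local0
DEFAULT_SEVERITY = 6   # informational: unmapped IDs are kept, never dropped
SD_ID = "sec@32473"    # 32473 is the enterprise number reserved for documentation examples


def parse_line(line: str) -> Dict[str, object]:
    """Split one constructed log line into fields; raises ValueError if malformed."""
    parts = line.rstrip("\r\n").split("\t", 3)
    if len(parts) != 4:
        raise ValueError(f"expected 4 tab-separated fields, got {len(parts)}")
    ts, event_id, endpoint, detail = parts
    return {"timestamp": ts, "event_id": int(event_id), "endpoint": endpoint, "detail": detail}


def normalize(record: Dict[str, object]) -> Dict[str, object]:
    """Attach catalogue metadata; unknown IDs are tagged 'unmapped' so they stay visible."""
    meta = EVENT_CATALOGUE.get(
        int(record["event_id"]),
        {"name": "unmapped", "category": "unknown", "severity": DEFAULT_SEVERITY},
    )
    return {**record, **meta}


def sd_escape(value: str) -> str:
    """Escape backslash, double quote and ']' in a PARAM-VALUE (RFC 5424 section 6.3.3)."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_rfc5424(norm: Dict[str, object], hostname: str = "sec-console", app: str = "sophos-sec") -> str:
    """Render one normalized event as an RFC 5424 message.

    Layout: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    The event ID is used as MSGID and repeated in structured data, so a SIEM can
    key its parser on either. Timestamps stay in UTC; local-time display is the
    collector's job, not the emitter's.
    """
    pri = FACILITY_LOCAL0 * 8 + int(norm["severity"])
    sd = (f'[{SD_ID} eventId="{norm["event_id"]}" name="{sd_escape(str(norm["name"]))}"'
          f' category="{sd_escape(str(norm["category"]))}"'
          f' endpoint="{sd_escape(str(norm["endpoint"]))}"]')
    return f'<{pri}>1 {norm["timestamp"]} {hostname} {app} - {norm["event_id"]} {sd} {norm["detail"]}'


def process_lines(lines: List[str]) -> Tuple[List[str], List[str]]:
    """Convert log lines to syslog messages; returns (messages, rejected_lines)."""
    messages: List[str] = []
    rejected: List[str] = []
    for line in lines:
        try:
            messages.append(to_rfc5424(normalize(parse_line(line))))
        except ValueError:
            rejected.append(line)   # keep malformed input for review instead of forwarding garbage
    return messages, rejected


def send_udp(messages: List[str], host: str, port: int = 514) -> None:
    """Ship messages to a syslog collector over UDP (not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for msg in messages:
            sock.sendto(msg.encode("utf-8"), (host, port))


if __name__ == "__main__":
    msgs, bad = process_lines(SAMPLE_LOG_LINES)
    for m in msgs:
        print(m)
    print(f"rejected {len(bad)} malformed line(s)")
```

In practice the lines would come from whatever file the Log Writer produces (read incrementally, tracking the offset across runs), and `send_udp` would point at the collector; UDP is shown for brevity, while TCP or TLS (RFC 5425) is the better choice when events must not be lost or read in transit.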