Configure SonicWall GMS to send logs to Arctic Wolf

You can configure SonicWall® GMS to send the necessary logs to Arctic Wolf® for security monitoring.

SonicWall GMS is a web-based application that allows you to configure and manage multiple SonicWall firewall appliances from one location.

Note: Depending on log settings, this configuration can cause limitations for alerting. Contact your Concierge Security® Team (CST) or Deployment representative to discuss other log forwarding options.

These resources are required:

  • An activated Arctic Wolf Sensor or Virtual Log Collector (vLC)
  • Access to the SonicWall GMS console with administrator permissions

Configure log forwarding

  1. Sign in to the SonicWall GMS console with administrator permissions.
  2. In a browser tab, go to GMS Tech Support.
  3. If a Warning dialog appears, click Accept.
  4. In the Configuration File editor section, click Edit.
  5. For the server that receives the forwarded logs, configure these settings:
    • syslog.forwardToHost — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • syslog.forwardToHostPort — Enter 514.
  6. Click Update.
  7. Restart the Arctic Wolf physical or virtual sensor.

Provide configuration information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Tickets & Alerts > All Tickets.
  3. Perform the appropriate action, depending on whether you are:
    • A new customer — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • An existing customer — Click Open a New Ticket.
  4. On the Open a New Ticket page, configure these settings:
    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname of the Arctic Wolf Sensor that you used during the configuration.
      • The IP address, timezone, and device type for all sources that you are forwarding.
      • Questions or comments that you have.
  5. Click Send Message.

    Your CST reviews the details to make sure that Arctic Wolf is successfully processing the logs.