Dell Switch Logs

Updated Aug 31, 2023

Dell switch logs

Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.

You can configure a Dell switch® to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

Configure a Dell switch to send logs to Arctic Wolf using the CLI

You can use the command line interface (CLI) to configure a Dell switch to send logs. This procedure works for most Dell switches that use Dell EMC networking OS 9.

Requirements

Steps

  1. Connect one end of your modem cable to the CONSOLE port on the Dell switch and the other end to a serial port on the configuring computer.

  2. Launch your SSH client with the following settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 115200.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  3. Log in to the CLI using your SSH client.

  4. Run the following command:

    configure
  5. Run the following command, where <ip_address> is the IP address of your Arctic Wolf physical or virtual sensor:

    logging <ip_address>
  6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding.

Configure a Dell switch to send logs to Arctic Wolf using the SonicWall console

  1. Create an address object on a SonicWall firewall.
  2. Configure a syslog server on a SonicWall firewall.

Requirements

Step 1: Create an address object on a SonicWall firewall

  1. Log in to the SonicWall console as an administrator.

  2. In the menu bar, click OBJECT.

  3. In the navigation pane, click Match Objects > Addresses > Address Objects.

  4. Click +Add.

  5. In the Address Object Settings dialog, do the following:

    • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
    • Zone Assignment — Select LAN from the list.
    • Type — Select Host from the list.
    • IP Address — Enter the IP address of your physical or virtual sensor.
  6. Click Save.

Step 2: Configure a syslog server on a SonicWall firewall

  1. Log in to the SonicWall console as an administrator.

  2. In the menu bar, click DEVICE.

  3. In the navigation pane, click Log > Syslog.

  4. Click the Syslog Servers tab.

  5. Click +Add.

  6. In the Add Syslog Server dialog, do the following:

    • Name or IP Address — Select your Arctic Wolf physical or virtual sensor name from the list.
    • Port — Enter 514.
    • Server Type — Select Syslog Server from the list.
  7. Click Add.

  8. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.

See also