Dell switch logs

You can configure a Dell switch® to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

• Configure a Dell switch to send logs to Arctic Wolf using the CLI
• Configure a Dell switch to send logs to Arctic Wolf using the SonicWall console

Configure a Dell switch to send logs to Arctic Wolf using the CLI

You can use the command line interface (CLI) to configure a Dell switch to send logs. This procedure works for most Dell switches that use Dell EMC networking OS 9.

Requirements

• Activated Arctic Wolf Sensor

• Dell EMC Networking OS 9
• Modem cable
• SSH client (for example, PuTTY)

Steps

1. Connect one end of your modem cable to the CONSOLE port on the Dell switch and the other end to a serial port on the configuring computer.

2. Launch your SSH client with the following settings:

   • Serial line — Enter COM1.
   • Speed (baud) — Enter 115200.
   • Data bits — Enter 8.
   • Stop bits — Enter 1.
   • Parity — Select None.
   • Flow control — Select None.

3. Log in to the CLI using your SSH client.

4. Run the following command:

   configure

5. Run the following command, where <ip_address> is the IP address of your Arctic Wolf physical or virtual sensor:

   logging <ip_address>

6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding.

Configure a Dell switch to send logs to Arctic Wolf using the SonicWall console

1. Create an address object on a SonicWall firewall.
2. Configure a syslog server on a SonicWall firewall.

Requirements

• Activated Arctic Wolf Sensor

Step 1: Create an address object on a SonicWall firewall

1. Log in to the SonicWall console as an administrator.

2. In the menu bar, click OBJECT.

3. In the navigation pane, click Match Objects > Addresses > Address Objects.

4. Click +Add.

5. In the Address Object Settings dialog, do the following:

   • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
   • Zone Assignment — Select LAN from the list.
   • Type — Select Host from the list.
   • IP Address — Enter the IP address of your physical or virtual sensor.

6. Click Save.

Step 2: Configure a syslog server on a SonicWall firewall

1. Log in to the SonicWall console as an administrator.

2. In the menu bar, click DEVICE.

3. In the navigation pane, click Log > Syslog.

4. Click the Syslog Servers tab.

5. Click +Add.

6. In the Add Syslog Server dialog, do the following:

   • Name or IP Address — Select your Arctic Wolf physical or virtual sensor name from the list.
   • Port — Enter 514.
   • Server Type — Select Syslog Server from the list.

7. Click Add.

8. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

See also

• SonicWall Switch Getting Started Guide
• SonicWall Switch CLI Reference Guide