Dell Switch Logs

Configuration Guide

Updated Jan 27, 2023

Dell Switch Logs

Dell switch logs Direct link to this section

Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.

You can configure a Dell switch to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

Configure a Dell switch to send logs to Arctic Wolf using the CLI Direct link to this section

You can use the command line interface (CLI) to configure a Dell switch to send logs. This procedure works for most Dell switches that use Dell EMC networking OS 9.

Requirements Direct link to this section

Steps Direct link to this section

  1. Connect one end of your modem cable to the CONSOLE port on the Dell switch and the other end to a serial port on the configuring computer.

  2. Launch your SSH client with the following settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 115200.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  3. Log in to the CLI using your SSH client.

  4. Run the following command:

    configure
  5. Run the following command, where <ip_address> is the IP address of your Arctic Wolf physical or virtual sensor:

    logging <ip_address>
  6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding.

Configure a Dell switch to send logs to Arctic Wolf using the SonicWall console Direct link to this section

  1. Create an address object on a SonicWall firewall.
  2. Configure a syslog server on a SonicWall® firewall.

Step 1: Create an address object on a SonicWall firewall Direct link to this section

  1. Log in to the SonicWall® console as an administrator.

  2. In the menu bar, click OBJECT.

  3. In the navigation pane, click Match Objects > Addresses > Address Objects.

  4. Click +Add.

  5. In the Address Object Settings dialog, do the following:

    • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
    • Zone Assignment — Select LAN from the list.
    • Type — Select Host from the list.
    • IP Address — Enter the IP address of your physical or virtual sensor.
  6. Click Save.

Step 2: Configure a syslog server on a SonicWall firewall Direct link to this section

  1. Log in to the SonicWall® console as an administrator.

  2. In the menu bar, click DEVICE.

  3. In the navigation pane, click Log > Syslog.

  4. Click the Syslog Servers tab.

  5. Click +Add.

  6. In the Add Syslog Server dialog, do the following:

    • Name or IP Address — Select your Arctic Wolf physical or virtual sensor name from the list.
    • Port — Enter 514.
    • Server Type — Select Syslog Server from the list.
  7. Click Add.

  8. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.

See also Direct link to this section