Dell Switch Logs
Updated Aug 31, 2023
Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.
You can configure a Dell switch® to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:
- Configure a Dell switch to send logs to Arctic Wolf using the CLI
- Configure a Dell switch to send logs to Arctic Wolf using the SonicWall console
Configure a Dell switch to send logs to Arctic Wolf using the CLI
You can use the command line interface (CLI) to configure a Dell switch to send logs. This procedure works for most Dell switches that use Dell EMC Networking OS 9.
Requirements
- Activated Arctic Wolf Sensor
- Dell EMC Networking OS 9
- Modem cable
- SSH client (for example, PuTTY)
Steps
- Connect one end of your modem cable to the CONSOLE port on the Dell switch and the other end to a serial port on the configuring computer.
- Launch your SSH client with the following settings:
  - Serial line — Enter COM1.
  - Speed (baud) — Enter 115200.
  - Data bits — Enter 8.
  - Stop bits — Enter 1.
  - Parity — Select None.
  - Flow control — Select None.
- Log in to the CLI using your SSH client.
- Run the following command:
  configure
- Run the following command, where <ip_address> is the IP address of your Arctic Wolf physical or virtual sensor:
  logging <ip_address>
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding.
Configure a Dell switch to send logs to Arctic Wolf using the SonicWall console
- Create an address object on a SonicWall firewall.
- Configure a syslog server on a SonicWall firewall.
Requirements
- Activated Arctic Wolf Sensor
Step 1: Create an address object on a SonicWall firewall
- Log in to the SonicWall console as an administrator.
- In the menu bar, click OBJECT.
- In the navigation pane, click Match Objects > Addresses > Address Objects.
- Click +Add.
- In the Address Object Settings dialog, do the following:
  - Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
  - Zone Assignment — Select LAN from the list.
  - Type — Select Host from the list.
  - IP Address — Enter the IP address of your physical or virtual sensor.
- Click Save.
Step 2: Configure a syslog server on a SonicWall firewall
- Log in to the SonicWall console as an administrator.
- In the menu bar, click DEVICE.
- In the navigation pane, click Log > Syslog.
- Click the Syslog Servers tab.
- Click +Add.
- In the Add Syslog Server dialog, do the following:
  - Name or IP Address — Select your Arctic Wolf physical or virtual sensor name from the list.
  - Port — Enter 514.
  - Server Type — Select Syslog Server from the list.
- Click Add.
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.
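Before asking for ingestion to be validated, it can help to confirm that the device emits well-formed syslog at all. The following Python code is an added example, not Arctic Wolf, Dell, or SonicWall code: it collects UDP syslog on a test host you control (not on the sensor) and counts message severities per source. It assumes syslog over UDP with an RFC 3164-style `<PRI>` prefix; the function names, IP addresses, and sample datagrams are constructed for illustration.

```python
import re
import socket
import time
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(payload):
    """Return (facility_number, severity_name), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity]

def summarize(datagrams, switch_ip):
    """Count severities of well-formed datagrams from switch_ip; tally everything else."""
    report = {"from_switch": Counter(), "malformed": 0, "other_sources": 0}
    for src_ip, payload in datagrams:
        decoded = decode_pri(payload)
        if src_ip != switch_ip:
            report["other_sources"] += 1
        elif decoded is None:
            report["malformed"] += 1
        else:
            report["from_switch"][decoded[1]] += 1
    return report

def capture(bind_ip, port, seconds):
    """Collect (source_ip, payload) pairs from UDP syslog for a fixed time window."""
    seen, deadline = [], time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        while (remaining := deadline - time.monotonic()) > 0:
            sock.settimeout(remaining)
            try:
                payload, (src_ip, _) = sock.recvfrom(4096)
            except socket.timeout:
                break
            seen.append((src_ip, payload))
    return seen

# Constructed sample datagrams (not real device output); 192.0.2.20 plays the switch.
SAMPLE = [
    ("192.0.2.20", b"<187>Aug 31 10:16:40 sw1 %IFMGR-3-OSTATE_DN: interface state down"),
    ("192.0.2.20", b"no priority field"),
    ("198.51.100.7", b"<14>Aug 31 10:17:00 host1 test message"),
]
```

On a live test host, pass the result of `capture("0.0.0.0", 514, 30)` to `summarize` along with the switch's IP address; binding to port 514 normally requires elevated privileges.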