SonicWall Logs
Updated Nov 10, 2023
Configure a SonicWall firewall with SonicOS 6.5 to send logs to Arctic Wolf
You can configure a SonicWall® firewall with SonicOS 6.5 to send the necessary logs to Arctic Wolf® for security monitoring.
Requirements
- An activated Arctic Wolf Sensor
- Access to a SonicWall device with administrator permissions
Steps
- Configure an Address Object for the Arctic Wolf Sensor.
- Configure your SonicWall device for security monitoring.
- Enable firewall rule change logging.
- (Optional) Enable enhanced audit logging support.
- Provide your SonicWall Firewall information to Arctic Wolf.
Step 1: Configure an Address Object for the Arctic Wolf sensor
- Sign in to your SonicWall device with administrator permissions.
- In the menu bar, click MANAGE.
- In the navigation menu, in the Policies section, click Objects > Address Objects.
- Click the Address Objects tab.
- Click + Add.
- In the Add Address Object dialog, configure these settings:
  - Name — Enter a name for the Arctic Wolf Sensor.
  - Zone Assignment — Select the correct zone.
  - Type — Select Host.
  - IP Address — Enter the IP address of your Arctic Wolf physical or virtual sensor.
- Click Add.
Step 2: Configure your SonicWall device for security monitoring
- Sign in to your SonicWall device with administrator permissions.
- In the menu bar, click MANAGE.
- In the navigation menu, click Log Settings > SYSLOG.
- Click ADD.
- In the Add Syslog Server dialog, configure these settings:
  - Name or IP Address — Select the address object that you created in Step 1: Configure an Address Object for the Arctic Wolf sensor.
  - Syslog Format — Select Enhanced.
- Click OK.
Step 3: Enable firewall rule change logging
- Sign in to your SonicWall device with administrator permissions.
- In the menu bar, click MANAGE.
- In the navigation menu, click Log > Settings.
- In the Firewall section, click Access Rules.
- Click the GUI, Alert, Syslog, and Email toggles to the on position for these rules:
  - Rule Deleted
  - Rule Modified
  - Rule Added
- Click Apply.
Step 4: Enable enhanced audit logging support
This step is optional.
- Sign in to your SonicWall device with administrator permissions.
- In the menu bar, click MANAGE.
- In the navigation menu, click Appliance > Base Settings.
- Select the Enhanced Audit Logging checkbox.
Step 5: Provide your SonicWall Firewall information to Arctic Wolf
- Sign in to the Arctic Wolf® Unified Portal.
- Click Help > Open a New Ticket.
- On the Open a New Ticket page, configure these settings:
  - What is this ticket related to? — Select General request.
  - Subject — Enter Syslog changes.
  - Related ticket (optional) — Keep blank.
  - Message — Enter this information for your Concierge Security® Team (CST):
    - Confirmation that you completed the steps in this configuration guide.
    - The IP address or hostname you used during the configuration.
    - Any questions or comments that you have.
- Click Send Message.
Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.