SonicWall Logs

Updated Nov 10, 2023

Configure SonicWall GMS to send logs to Arctic Wolf

Note: Depending on log settings, this configuration can cause limitations for alerting. Please discuss this configuration with your CST or Deployment representative for alternatives.

You can configure SonicWall® GMS to send the necessary logs to Arctic Wolf® for security monitoring.

SonicWall GMS is a web-based application that allows you to configure and manage multiple SonicWall firewall appliances from one location.

Requirements

Steps

  1. Configure log forwarding.
  2. Provide your SonicWall GMS information to Arctic Wolf.

Step 1: Configure log forwarding

  1. Sign in to the SonicWall GMS console with administrator permissions.

  2. In a browser tab, go to GMS Tech Support.

  3. If a Warning dialog appears, click Accept.

  4. In the Configuration File editor section, click Edit.

  5. For the server that receives the forwarded logs, configure these settings:

    • syslog.forwardToHost — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • syslog.forwardToHostPort — Enter 514.
  6. Click Update.

  7. Restart the Arctic Wolf virtual or physical sensor.

Step 2: Provide your SonicWall GMS information to Arctic Wolf

  1. Sign in to the Arctic Wolf® Unified Portal.

  2. Click Help > Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep blank.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Any questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.

See also