SonicWall Logs
Updated Nov 10, 2023Configure SonicWall GMS to send logs to Arctic Wolf
Note: Depending on log settings, this configuration can cause limitations for alerting. Please discuss this configuration with your CST or Deployment representative for alternatives.
You can configure SonicWall® GMS to send the necessary logs to Arctic Wolf® for security monitoring.
SonicWall GMS is a web-based application that allows you to configure and manage multiple SonicWall firewall appliances from one location.
Requirements
- An activated Arctic Wolf Sensor
- Access to the SonicWall GMS console with administrator permissions
Steps
Step 1: Configure log forwarding
-
Sign in to the SonicWall GMS console with administrator permissions.
-
In a browser tab, go to GMS Tech Support.
-
If a Warning dialog appears, click Accept.
-
In the Configuration File editor section, click Edit.
-
For the server that receives the forwarded logs, configure these settings:
- syslog.forwardToHost — Enter the IP address of your Arctic Wolf physical or virtual sensor.
- syslog.forwardToHostPort — Enter
514
.
-
Click Update.
-
Restart the Arctic Wolf virtual or physical sensor.
Step 2: Provide your SonicWall GMS information to Arctic Wolf
-
Sign in to the Arctic Wolf® Unified Portal.
-
Click Help > Open a New Ticket.
-
On the Open a New Ticket page, configure these settings:
- What is this ticket related to? — Select General request.
- Subject — Enter
Syslog changes
. - Related ticket (optional) — Keep blank.
- Message — Enter this information for your Concierge Security® Team (CST):
- Confirmation that you completed the steps in this configuration guide.
- The IP address or hostname you used during the configuration.
- Any questions or comments that you have.
-
Click Send Message.
Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.