SonicWall Logs

Updated Nov 10, 2023

Configure SonicWall GMS to send logs to Arctic Wolf

Note: Depending on log settings, this configuration can cause limitations for alerting. Please discuss this configuration with your CST or Deployment representative for alternatives.

You can configure SonicWall® GMS to send the necessary logs to Arctic Wolf® for security monitoring.

SonicWall GMS is a web-based application that allows you to configure and manage multiple SonicWall firewall appliances from one location.



  1. Configure log forwarding.
  2. Provide your SonicWall GMS information to Arctic Wolf.

Step 1: Configure log forwarding

  1. Sign in to the SonicWall GMS console with administrator permissions.

  2. In a browser tab, go to GMS Tech Support.

  3. If a Warning dialog appears, click Accept.

  4. In the Configuration File editor section, click Edit.

  5. For the server that receives the forwarded logs, configure these settings:

    • syslog.forwardToHost — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • syslog.forwardToHostPort — Enter 514.
  6. Click Update.

  7. Restart the Arctic Wolf virtual or physical sensor.

Step 2: Provide your SonicWall GMS information to Arctic Wolf

  1. Sign in to the Arctic Wolf® Unified Portal.

  2. Click Help > Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep blank.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Any questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.

See also