SonicWall® Logs

Configuration Guide

Updated Jan 27, 2023

Arctic Wolf® supports syslog server monitoring to enhance your network security. You can configure syslog forwarding from SonicWall® Global Management System (GMS) or your SonicWall® firewall:

Configure SonicWall® firewall to send logs to Arctic Wolf

  1. Configure an Address Object for the Arctic Wolf Sensor.
  2. Configure your SonicWall® device for security monitoring.
  3. Enable firewall rule change logging.
  4. (Optional) Enable enhanced audit logging support.
  5. Provide configuration details to Arctic Wolf.

Step 1: Configure an Address Object for the Arctic Wolf sensor

SonicWall® uses object classes to define entities such as the Arctic Wolf sensor.

Based on your SonicOS version, complete one of the following:

Step 2: Configure your SonicWall® device for security monitoring

Based on your SonicOS version, complete one of the following:

Step 3: Enable firewall rule change logging

Based on your SonicOS version, complete one of the following:

Step 4: Enable enhanced audit logging support

Based on your SonicOS version, complete one of the following:

Step 5: Provide your configuration details to Arctic Wolf

  1. Go to the Arctic Wolf® Unified Portal.

  2. Click Help > Open a New Ticket.

  3. Include the following information in the message for your Concierge Security® Team (CST):

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address and/or hostname of the SonicWall® firewall.
    • Any other questions or comments that you have.

  4. Click Send Message.

  5. Your CST reviews the details and confirms that Arctic Wolf is successfully processing the logs from your SonicWall® firewall.

Configure SonicWall® GMS to send logs to Arctic Wolf

Note: Depending on log settings, this configuration may cause limitations for alerting. Please discuss this configuration with your CST or Deployment representative for alternatives.

You can use SonicWall® GMS, a web-based application, to configure and manage multiple SonicWall® firewall appliances from one location.

  1. Sign in to the SonicWall® GMS console as an administrator.

  2. In the browser, go to gms-ip/appliance/techSupport.html.

  3. If a Warning dialog appears, click Accept.

  4. In the Configuration File editor section, click Edit.

  5. For the server that receives the forwarded logs, do the following:

    • syslog.forwardToHost — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • syslog.forwardToHostPort — Enter 514.

  6. Click Update.

  7. Restart the Arctic Wolf virtual or physical sensor.

  8. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately.
