SonicWall Logs

Updated Aug 31, 2023

Arctic Wolf® supports syslog server monitoring to enhance your network security. You can configure syslog forwarding from SonicWall® Global Management System (GMS) or your SonicWall firewall:

Configure SonicWall firewall to send logs to Arctic Wolf

  1. Configure an Address Object for the Arctic Wolf Sensor.
  2. Configure your SonicWall device for security monitoring.
  3. Enable firewall rule change logging.
  4. (Optional) Enable enhanced audit logging support.
  5. Provide configuration details to Arctic Wolf.

Requirements

Step 1: Configure an Address Object for the Arctic Wolf sensor

SonicWall uses object classes to define entities such as the Arctic Wolf sensor.

Based on your SonicOS version, complete one of the following:

Step 2: Configure your SonicWall device for security monitoring

Based on your SonicOS version, complete one of the following:

Step 3: Enable firewall rule change logging

Based on your SonicOS version, complete one of the following:

Step 4: Enable enhanced audit logging support

Based on your SonicOS version, complete one of the following:

Step 5: Provide your configuration details to Arctic Wolf

  1. Go to the Arctic Wolf® Unified Portal.

  2. Click Help > Open a New Ticket.

  3. Include the following information in the message for your Concierge Security® Team (CST):

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address and/or hostname of the SonicWall firewall.
    • Any other questions or comments that you have.

  4. Click Send Message.

  5. Your CST reviews the details and confirms that Arctic Wolf is successfully processing the logs from your SonicWall firewall.

Configure SonicWall GMS to send logs to Arctic Wolf

Note: Depending on log settings, this configuration may cause limitations for alerting. Please discuss this configuration with your CST or Deployment representative for alternatives.

You can use SonicWall GMS, a web-based application, to configure and manage multiple SonicWall firewall appliances from one location.

Requirements

Steps

  1. Sign in to the SonicWall GMS console as an administrator.

  2. In the browser, go to gms-ip/appliance/techSupport.html.

  3. If a Warning dialog appears, click Accept.

  4. In the Configuration File editor section, click Edit.

  5. For the server that receives the forwarded logs, do the following:

    • syslog.forwardToHost — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • syslog.forwardToHostPort — Enter 514.

  6. Click Update.

  7. Restart the Arctic Wolf virtual or physical sensor.

  8. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately.
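A pre-flight check for the two settings in step 5, as an added example that is not part of the Arctic Wolf or SonicWall documentation: it takes the editor text as a string and reports any mismatch with the sensor address and port 514. The `key=value` line format, the `#` comment handling, the function names and the sample addresses are assumptions.

```python
import ipaddress

EXPECTED_PORT = 514  # value the guide says to enter for syslog.forwardToHostPort
KEYS = ("syslog.forwardToHost", "syslog.forwardToHostPort")

def parse_settings(text):
    """Collect every value given for the two syslog keys (assumed key=value lines)."""
    found = {k: [] for k in KEYS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and lines without a key=value pair
        key, _, value = (part.strip() for part in line.partition("="))
        if key in found:
            found[key].append(value)
    return found

def check_forwarding(text, sensor_ip):
    """Return a list of problems; an empty list means both settings match the guide."""
    problems = []
    found = parse_settings(text)
    for key, values in found.items():
        if not values:
            problems.append(f"{key} is not set")
        elif len(set(values)) > 1:
            problems.append(f"{key} is set more than once with different values: {values}")
    host = found["syslog.forwardToHost"]
    if host and len(set(host)) == 1:
        try:
            addr = ipaddress.ip_address(host[0])
        except ValueError:
            problems.append(f"syslog.forwardToHost is not an IP address: {host[0]!r}")
        else:
            if addr != ipaddress.ip_address(sensor_ip):
                problems.append(f"syslog.forwardToHost is {addr}, expected sensor {sensor_ip}")
    port = found["syslog.forwardToHostPort"]
    if port and len(set(port)) == 1 and port[0] != str(EXPECTED_PORT):
        problems.append(f"syslog.forwardToHostPort is {port[0]!r}, expected {EXPECTED_PORT}")
    return problems

# Constructed sample input: a stale sensor address and a mistyped port.
SAMPLE = """\
# constructed example, not a real GMS configuration file
syslog.forwardToHost = 192.0.2.100
syslog.forwardToHostPort = 5140
"""

if __name__ == "__main__":
    print("\n".join(check_forwarding(SAMPLE, "192.0.2.10")))
```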
