Log Types: SonicWall
Overview
SonicWall produces network firewalls that include features such as unified threat management (UTM), virtual private networks (VPNs), and anti-spam for email.
Collection
On your SonicWall management interface, go to the Log > Syslog page.
The Syslog Facility may be left as the factory default.
From the Syslog Format menu list, choose the ‘default’ SonicWall Syslog format.
In the Syslog ID field, enter the Syslog ID that you want.
A Syslog ID field is included in all generated Syslog messages, prefixed by "id=". Thus, for the default value, firewall, all Syslog messages include "id=firewall". The ID can be set to a string of 0 to 32 alphanumeric and underscore characters, and is generally set to the hostname of the associated firewall.
When you’ve finished setting the Syslog options, click Accept at the top of the page.
Sample Events
Jan 13 13:42:07 192.168.0.9 id=sonicwall_css sn=18B09275C time="2007-01-13 13:42:07" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=567997 src=192.168.5.56:4277:LAN dst=192.168.1.100:1026:WAN proto=tcp/1026 sent=3590 rcvd=13042 vpnpolicy="name"
Fields
| Field | Description |
|---|---|
| DATE | Event date, in the format YYYY-MM-DD |
| TIME | Event time, in the format HH:MM:SS |
| SYSTEM | The source system |
| TABLE | SonicWall |
| EVENTID | Numeric event identifier |
| CATEGORY | Category (c=) value |
| PRIORITY | Priority (p=) value |
| FWADDR | IP address of the firewall |
| PROTO | Protocol |
| SRCADDR | Source address |
| SRCPORT | Source port |
| DSTADDR | Destination address |
| DSTPORT | Destination port |
| MESSAGE | msg field |
| STRINGS | Any other content in the event that is not assigned to the fields above, generally as space-separated key=value pairs |
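As an added example (not part of the original page or of any SonicWall tooling), the parser below takes a syslog-framed SonicWall event in the default format and maps it onto the field table above. It keeps the syslog header's sending address separately from the operator-set `id=` value so the two can be cross-checked, splits `src=`/`dst=` into address, port and zone, and collects every unconsumed key=value token into STRINGS. Assumptions, since the page does not say so explicitly: SYSTEM is taken from `id=`, EVENTID from `m=`, and PRIORITY from `pri=` (as in the sample event) with `p=` accepted as a fallback; when `time=` is missing, the year is taken from the current clock because the BSD syslog header carries none.

```python
import re
from datetime import datetime

# Constructed sample: the event from the page's Sample Events section.
SAMPLE_EVENT = (
    'Jan 13 13:42:07 192.168.0.9 id=sonicwall_css sn=18B09275C '
    'time="2007-01-13 13:42:07" fw=1.1.1.1 pri=6 c=1024 m=537 '
    'msg="Connection Closed" n=567997 src=192.168.5.56:4277:LAN '
    'dst=192.168.1.100:1026:WAN proto=tcp/1026 sent=3590 rcvd=13042 '
    'vpnpolicy="name"'
)

# BSD syslog header: "MMM DD HH:MM:SS <sender> <key=value body>"
HEADER_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+'
    r'(?P<sender>\S+)\s+(?P<body>.*)$'
)
# key=value tokens; a value is either double-quoted (may contain spaces) or bare.
# The lookbehind stops an "=" inside a bare value from starting a new token.
KV_RE = re.compile(r'(?<!\S)(\w+)=("([^"]*)"|\S*)')


def parse_kv(body):
    """Return ({key: unquoted value}, {key: raw token}) in order of appearance."""
    fields, raw = {}, {}
    for m in KV_RE.finditer(body):
        key = m.group(1)
        fields[key] = m.group(3) if m.group(3) is not None else m.group(2)
        raw[key] = m.group(0)
    return fields, raw


def split_endpoint(value):
    """src/dst are 'ip:port:zone'; port and zone may be absent."""
    if value is None:
        return None, None, None
    parts = value.split(':')
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    zone = parts[2] if len(parts) > 2 else None
    return parts[0], port, zone


def to_int(value):
    return int(value) if value is not None and value.isdigit() else None


# Keys that populate a named column; every other token is kept in STRINGS.
CONSUMED = {'time', 'id', 'm', 'c', 'pri', 'p', 'fw', 'proto', 'src', 'dst', 'msg'}


def normalize(event):
    m = HEADER_RE.match(event)
    if not m:
        raise ValueError('not a syslog-framed SonicWall event')
    kv, raw = parse_kv(m.group('body'))

    # Prefer the firewall's own time= stamp. The syslog header has no year,
    # so the fallback assumes the current year (assumption).
    if ' ' in kv.get('time', ''):
        date, time = kv['time'].split(' ', 1)
    else:
        ts = datetime.strptime(m.group('ts'), '%b %d %H:%M:%S')
        ts = ts.replace(year=datetime.now().year)
        date, time = ts.strftime('%Y-%m-%d'), ts.strftime('%H:%M:%S')

    src_ip, src_port, src_zone = split_endpoint(kv.get('src'))
    dst_ip, dst_port, dst_zone = split_endpoint(kv.get('dst'))

    return {
        'DATE': date,
        'TIME': time,
        'SYSTEM': kv.get('id'),           # assumption: operator-set id= is SYSTEM
        'SENDER': m.group('sender'),      # address seen by the syslog relay (extra field)
        'TABLE': 'SonicWall',
        'EVENTID': to_int(kv.get('m')),   # assumption: m= is the numeric event id
        'CATEGORY': to_int(kv.get('c')),
        'PRIORITY': to_int(kv.get('pri', kv.get('p'))),  # sample uses pri=, table lists p=
        'FWADDR': kv.get('fw'),
        'PROTO': kv.get('proto'),
        'SRCADDR': src_ip, 'SRCPORT': src_port, 'SRCZONE': src_zone,
        'DSTADDR': dst_ip, 'DSTPORT': dst_port, 'DSTZONE': dst_zone,
        'MESSAGE': kv.get('msg'),
        'STRINGS': ' '.join(tok for k, tok in raw.items() if k not in CONSUMED),
    }


if __name__ == '__main__':
    for k, v in normalize(SAMPLE_EVENT).items():
        print(f'{k}={v!r}')
```

Events that carry no `src=`/`dst=` (system and administration messages) come through with those columns set to `None` rather than failing, which matters when the same parser feeds a detection pipeline. Because `id=` is free text chosen by whoever configured the firewall, keeping SENDER alongside SYSTEM lets a collector flag events whose claimed identity does not match the address they arrived from.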
Notes
http://help.sonicwall.com/help/sw/eng/9320/25/9/0/content/Ch134_Log_Syslog.156.4.html