How to Configure SonicOS Syslog Settings for Microsoft Sentinel Integration?

Description

This article covers how to configure SonicOS to send CEF/ArcSight-formatted Syslog data to an Azure Monitor Agent (AMA) Forwarder or other Syslog server.

Instructions

Installing the Common Event Format data connector

  1. Log into your SonicWall firewall management UI.
  2. Create an Address Object for your AMA Forwarder.
    1. Resource: Understanding Address Objects in SonicOS
  3. Add your AMA Forwarder as a new Syslog server entry. To do this, navigate to DEVICE | Log > Syslog > Syslog Servers.
    1. Resource: How can I configure a syslog server on a SonicWall firewall?

For Microsoft Sentinel integration, use the following settings for your Syslog server entry:

  • The Syslog data is sent to the Syslog server/AMA Forwarder on UDP/514.
  • The server type is Syslog.
  • The format is ArcSight.
  • The facility should be Local use 4.
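Because UDP/514 is unacknowledged, the only way to confirm these settings took effect is to look at what arrives on the forwarder. The following is an added example, not code from SonicWall or Microsoft: a small Python checker that decodes the syslog PRI to confirm the facility is local4 ("Local use 4" is facility number 20), splits the ArcSight/CEF header on unescaped pipes, and parses the key=value extension. The sample lines and the signature ID, event name and addresses in them are constructed for the demonstration; the optional `receive_udp` helper binds UDP/514 the way a forwarder would, which requires root on most hosts.

```python
"""Check SonicOS ArcSight/CEF syslog lines against the Sentinel settings above.
Added example; not SonicWall's or Microsoft's code."""
import re
import socket
from dataclasses import dataclass

# Syslog facilities local0..local7 are numbered 16..23, so "Local use 4" is 20.
EXPECTED_FACILITY = 20
PRI_RE = re.compile(r"^<(\d{1,3})>")
# An extension key is a word run followed by '=' at start-of-string or after
# whitespace; an escaped '\=' inside a value never matches ('\' is not a key char).
EXT_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")


@dataclass
class SyslogCef:
    facility: int
    severity: int
    cef_version: str
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    cef_severity: str
    extension: dict


def _unescape(value: str) -> str:
    # CEF escapes '|' in header fields and '=' in extension values with a backslash.
    return re.sub(r"\\(.)", r"\1", value)


def split_cef_header(cef: str) -> list:
    """Split on unescaped '|'; everything after the 7th pipe is the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(cef):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):   # keep the escaped character literally
            cur.append(cef[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
            if len(fields) == 7:
                fields.append(cef[i + 1:])    # extension is unescaped per value later
                return fields
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_extension(ext: str) -> dict:
    keys = list(EXT_KEY_RE.finditer(ext))
    out = {}
    for n, m in enumerate(keys):   # a value runs up to the next key match
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_syslog_cef(line: str) -> SyslogCef:
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing syslog <PRI> prefix")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: payload (is the SonicOS format set to ArcSight?)")
    fields = split_cef_header(line[start:])
    if len(fields) != 8:
        raise ValueError("malformed CEF header: fewer than 7 '|' separators")
    return SyslogCef(facility, severity, *fields[:7], parse_extension(fields[7]))


def check_sentinel_ready(line: str) -> list:
    """Return an empty list when the line matches the settings in the article."""
    try:
        ev = parse_syslog_cef(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if ev.facility != EXPECTED_FACILITY:
        problems.append(f"facility {ev.facility}, expected local4 (20)")
    if ev.cef_version != "CEF:0":
        problems.append(f"unexpected CEF version field {ev.cef_version!r}")
    if not ev.vendor or not ev.product:
        problems.append("empty Device Vendor/Product header field")
    return problems


def receive_udp(port: int = 514, count: int = 5, timeout: float = 30.0) -> list:
    """Bind UDP/514 like a forwarder and return `count` raw lines (root needed for 514)."""
    lines = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        while len(lines) < count:
            data, _ = sock.recvfrom(65535)
            lines.append(data.decode("utf-8", errors="replace").rstrip("\n"))
    return lines


# Constructed sample lines, not captured SonicOS output (166 = local4.info).
SAMPLE_OK = ("<166>Jan  1 00:00:00 fw CEF:0|SonicWall|SonicOS|7.0.1|1234|Example\\|event|3|"
             "src=10.0.0.5 spt=51000 dst=203.0.113.10 dpt=443 proto=tcp msg=TCP handshake\\=done")
SAMPLE_WRONG_FACILITY = "<134>" + SAMPLE_OK[5:]   # 134 = local0.info: wrong facility

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_WRONG_FACILITY):
        print(check_sentinel_ready(sample) or "OK", "<-", sample[:40])
```

Run it on a few lines returned by `receive_udp()` after saving the Syslog server entry; any non-empty list points at the setting to revisit (facility, or the format still set to something other than ArcSight).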
