How can I configure a syslog server on a SonicWall firewall?

This article provides information on how to setup a syslog server on a SonicWall firewall. Please note: this is different than setting up an app flow server.

Pre-requisite:

•  Must have GMS server or On-Prem Analytics server installed and configured.
• Have an Address Object Created on the Firewall for SonicWall Analytics system.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

1. Navigate to Device|Log|Syslog
2. Select Syslog Servers and Click on Add
   
   
   
3. Select the Name or IP address of the Syslog server from the dropdown.
   
   
4. Select Syslog Format as 'Enhanced'.
5. Click ‘OK’.

For testing, set up packet capture based on syslog port UDP 514 and generate traffic based on the event type.

1. Navigate to Monitor|Tools &  Monitor|Packet Monitor
2. Navigate to Advanced monitor filter tab and enable all the check boxes
3. Click on Save and start the packet capture
   
   

Test Results snap:

• Here, Source 192.168.x.x is the firewall generating the syslog traffic and forwarding it to the syslog server 192.168.x.x on UDP port 514.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Configuration

1. Login to the SonicWall firewall as admin.
2. Navigate to Manage | Log Settings | SYSLOG .
   
   
   
   
3. Under Syslog tab, Click on the Add button.
   
4.  Select the Name or IP address of the Syslog server from the dropdown.
5. Select Syslog Format as 'Enhanced'.
6. Click ‘OK’.
7. After a couple of seconds, newly added Syslog server will show up.
   

   NOTE: To set syslog settings using templates, please follow: 191018135555494.

    

SW5106