Firewall not sending syslog
03/26/2020 129 People found this article helpful 45,835 Views
After adding a syslog server or GMS/Analyzer to the SonicWall no syslog packets are seen in the packet capture.
In order for the SonicWall to start generating syslog packets a certain log event ("Activate Firewall") needs to be sent as "Alert" during the boot process of the SonicWall.
Once this log event is generated the syslog process will be triggered and the SonicWall will start sending syslogs.
- Login to the SonicWall
- Open Log | Settings
- In the Log Category View, open System | Status
- Tick the Syslog, GUI and Alert boxes for the "Activate Firewall" event (ID 4) and click apply in the top right
- Reboot the firewall
After the firewall has rebooted, perform a packet capture to confirm that the SonicWall is indeed sending syslog packets.
Was This Article Helpful?