How can I check if SonicWall sends out logs to syslog server and syslog server receives them?
03/26/2020 835 23089
SonicWall Analyzer Reporting Module is a software application that creates dynamic, Web-based network reports. The Analyzer Reporting Module generates both real-time and historical reports to offer a complete view of all activity through SonicWall network security appliances. With Analyzer Reporting, you can monitor network access, enhance security, and anticipate future bandwidth needs.
This article illustrates the process of checking how SonicWall sends out Syslogs on UDP port 514 to the syslog server existing on the network and also how the syslog server receives the log files as Syslogs from the SonicWall.
Performing packet capture on SonicWall
- Login to the SonicWall web management.1.
- Navigate to System | Packet Monitor page in the GUI and click configure.
- In the Monitor Filter tab, specify below information.
- Ether Type(s): IP
- IP Type(s): UDP
- Destination Port(s): 514
- Enable the check box "Enable Bidirectional Address and Port Matching
- In the Display Filter tab, ensure all the check boxes are enabled.
- In the Advanced Monitor Filter tab, enable the check boxes.
- Monitor Firewall Generated Packets. (This will bypass interface filter)
- Monitor Intermediate Packets.
- Click OK.
- Click on Start Capture in the Packet Monitor page to see the UDP 514 packets getting generated from SonicWall destined for syslog server IP address as shown below in the screenshot.
Viewing Syslogs on Analyzer
- Login to the SonicWall Analyzer sgms management page.
- Navigate to Firewall tab and click Global View.
- Navigate to Real-Time Viewer |Syslog. By default real time viewer page has syslog forwarding turned off.
- Click Settings to enable the Syslog Forwarding.
- After enabling the check box Enable Syslog Forwarding, there is a Settings Manager - Message window. Click OK .
- Set the Reader IP Address, Reader Port, and Reader Buffer Size to the default and click Update.
- Click Start to start real-time syslog reading.
- After few seconds, the Syslogs should be displayed as shown below in the screenshot. These Syslogs confirms that the syslog server is able to receive Syslogs from SonicWall.