NSM - Firewall System Events and Filters

Description

Sometimes investigators want to search for some certain system events that happened on firewall. This can be done in NSM. 

In NSM, go to Inventories and click the firewall in question, click on Monitor/System Events/All Logs/, the system events for this firewall are displayed:

Image

 

Adjust the time frame (slider or custom) to the desired period of time. You can search keywords like 'link' or 'interface' directly in the 'Search' box, or click on the 'Filter' button, then enter the criteria, example Destination IP like this:

Image

 

The results can be exported to CSV format file. You can also click 'Sync Event Config' to request NSM collect latest system events from firewall.

Authentication logs like admin login, user login, failed login can be searched the same way.

Related Articles

  • SonicWall NSM FQDN And IP List
    Read More
  • How can I enable Zero Touch?
    Read More
  • How to add a firewall to NSM manually
    Read More

Categories

Capture Security Center
Management
not finding your answers?
Ask the Community