• SonicOS and SonicOSX 7 Device Log
• Settings
  • Filtering the Base Setup View
  • Configuring the Logging and Alert Levels
    • Setting the Logging Level
    • Setting the Alert Level
  • About Other Top Row Buttons
    • Edit Attributes of All Categories
    • Reset Event Count
    • Save Template
    • Import Template
      • Default Template
      • Minimal Template
      • Analyzer/ViewPoint/GMS Template
      • Firewall Action Template
      • Custom Template
    • View Logs
  • About the Log Settings Base Setup Table
    • Category Column
    • Color Column
    • ID Column
    • Priority Column
    • GUI Column
    • Alert Column
    • Syslog Column
    • Ipfix Column
    • Email Column
    • Event Count Column
    • Edit and Reset Count Icons
  • Configuring Event Attributes Globally
  • Configuring Event Attributes Selectively
    • Configuring Event Attributes by Category
    • Configuring Event Attributes by Group
    • Configuring Event Attributes by Event
    • About Filename Logging
• Syslog
  • About Event Profiles
  • About Syslog Server Profiling
  • Using a GMS Server for Syslog
  • Syslog Settings
  • Syslog Servers
    • Adding a Syslog Server
    • Editing a Syslog Server
    • Enabling Syslog Servers
    • Disabling Syslog Server
    • Deleting Syslog Servers
• Automation
  • Email Settings
  • Mail Server Settings
  • FTP Log Automation
  • Solera Capture Stack
• Name Resolution
• Reports
  • Data Collection
  • Viewing Data
  • Persistent Logging
• AWS
  • Enabling AWS Logs
• SonicWall Support
  • About This Document

Adding a Syslog Server

To add a Syslog server to the firewall.

1. Go to Device > Log > Syslog page.

2. Click Syslog Servers tab.

3. Click Add. The Add Syslog Server dialog appears.

   

4. Specify the Event Profile for this server in the Event Profile field. The minimum value is 0 (1 group), the maximum is 23 (24 groups), and the default is 0. Each group can have a maximum of 7 Syslog servers.

   For GMS, the Event Profile must be 0.

5. Select the Syslog server name or IP address from the Name or IP Address drop-down menu. Messages from the firewall are then sent to the servers.

6. If your Syslog server does not use default port 514, type the port number in the Port Number field.

7. Select the Syslog format from the Syslog Format drop-down menu. The default is Default; for all the options, see Syslog Formats.

   For GMS, the Syslog format must be Default.

8. Select the Syslog Facility from the Syslog Facility drop-down menu. The default is Local Use 0; for all the Syslog Facilities, see Syslog Facility.

   For GMS, the Syslog format must be Local Use 0.

9. In the Syslog ID field, type in the Syslog ID. The default ID is firewall.

10. Optionally, to limit events logged and therefore, prevent the internal or external logging mechanism from being overwhelmed by log events, select Enable Event Rate Limiting.

    Event rate limiting is applied regardless of Log Priority of individual events.

    Specify the maximum number of events in the Maximum Events Per Second field; the minimum number is 0, the maximum is 1000, and the default is 1000 per second.

11. Optionally, to limit events logged and therefore, prevent the internal or external logging mechanism from being overwhelmed by log events, select Enable Data Rate Limiting.

    Data rate limiting is applied regardless of Log Priority of individual events.

    Specify the maximum number of bytes in the Maximum Bytes Per Second field; the minimum is number is 0, the maximum is 1000000000, and the default is 10000000 bytes per second. This control limits data logged to prevent the internal or external logging mechanism from being overwhelmed by log events.

12. To bind to a VPN tunnel and create a network monitor policy in NDPP mode:

    1. Optionally, choose an interface from the Local Interface drop-down menu.
    2. Optionally, choose an Interface from the Outbound Interface drop-down menu.
13. Click Add.