SonicWall Network (syslog)

Set up the SonicWall connector for syslog forwarding.

In this guide, you will set up the SonicWall connector within Radiant Security. This guide also provides steps for configuring syslog on the firewall itself, which is required in order to forward SonicWall logs to Radiant Security.

Note: SonicWall does not have the capability of sending logs using TCP and Secure Syslog without the use of an intermediary syslog relay server.

Prerequisites

Add the data connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

  3. Search for and select the Radiant Agent option and then click Data Feeds.

  4. Under Select your data feeds, select SonicWall Firewall Syslog and then click Credentials.

  5. Under Credential Name, give the credential an identifiable name (e.g. Radiant Agent Integration). If you already have a Radiant Agent in place, select it from the drop-down menu.

  6. Click Add Connector.

Configure a local Radiant Security Agent

Refer to the Install the Radiant Security Agent guide to set up a local agent to collect the logs.

Configure the SonicWall Firewall

  1. Log in to your SonicWall Firewall.

  2. On the top navigation bar, click Device.

  3. On the left navigation list, click Log > Settings.

  4. Set the Logging Level as Informative, and the Alert Level as Alert. Click Accept to save the changes.

  5. On the Category column, expand the Network category and then expand TCP.

  6. Enable the Syslog toggle for the following entries, while leaving the rest as default:

    • TCP LAN DENY

    • TCP Connection Reject

    • TCP Connection Abort

  7. On the TCP Connection Reject and TCP Connection Abort entries, click the debug text under the Priority column, and change it to inform.

  8. Still under Network, expand the UDP category to make sure the three entries have the Syslog toggle enabled. If not, enable all three of them.

  9. Click Accept to save the changes.

  10. On the left navigation list, click Log > Syslog.

  11. Click Enhanced Syslog Fields Settings and verify that each field is toggled on. Click Save.

  12. Click Syslog Servers, and then click Add. Fill in the page with the following details:

    • Event Profile: 0

    • Name or IP Address: Enter the name or IP address of your syslog server.

  13. Click Create an Address Object and add the following settings:

    • Name: Radiant Security Syslog Connector

    • Zone Assignment: LAN

    • Type: Host

    • IP Address: Enter the IP address of your local Radiant Agent deployed previously.

  14. Click Save and then click Go Back.

  15. Continue adding the remaining settings:

    • Port: Enter the port configured in your Radiant Agent to receive SonicWall Firewall data.

    • Server Type: Syslog Server

    • Syslog Format: Enhanced Syslog

    • Syslog Facility: Local use 0

    • Syslog ID: Leave it empty

    • Enable Event Rate Limiting: Disabled

    • Enable Data Rate Limiting: Disabled

  16. Click Add to save your changes.
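To confirm the firewall settings took effect, inspect one datagram captured on the agent host: Syslog Facility "Local use 0" shows up as facility 16 in the `<PRI>` header, and Enhanced Syslog carries key=value fields. The Python below is an added example, not Radiant Security or SonicWall code; the sample message, its field names and the `check` helper are constructed assumptions.

```python
import re

LOCAL0 = 16  # syslog facility code for "Local use 0"

# Constructed sample datagram: field names and values are assumptions for illustration.
SAMPLE = (b'<134>id=firewall sn=000000000000 time="2024-01-01 00:00:00 UTC" '
          b'fw=192.0.2.1 pri=6 msg="TCP connection dropped" '
          b'src=198.51.100.7:51515:X1 dst=192.0.2.10:443:X0 proto=tcp/https')

PRI_RE = re.compile(rb'^<(\d{1,3})>')
# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_datagram(data: bytes) -> dict:
    """Decode the <PRI> header and the key=value body of one syslog datagram."""
    match = PRI_RE.match(data)
    if not match or int(match.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(match.group(1)), 8)
    body = data[match.end():].decode("utf-8", errors="replace")
    fields = {}
    for m in FIELD_RE.finditer(body):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return {"facility": facility, "severity": severity, "fields": fields}


def check(data: bytes) -> list:
    """Return the ways a datagram differs from what the guide's settings produce."""
    try:
        record = parse_datagram(data)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if record["facility"] != LOCAL0:
        problems.append(f"facility {record['facility']}, expected {LOCAL0} (Local use 0)")
    if not record["fields"]:
        problems.append("no key=value fields; is Syslog Format set to Enhanced Syslog?")
    return problems


if __name__ == "__main__":
    print(parse_datagram(SAMPLE))
    print(check(SAMPLE) or "datagram matches the configured facility and format")
```

An empty list from `check` means the datagram carries the configured facility and a key=value body; pass it the raw payload of a packet captured on the agent's listening port.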
