# SonicWall Network (syslog) In this guide, you will set up the SonicWall connector within Radiant Security. This guide also provide steps for syslog configuration on the firewall itself. This is required in order to forward SonicWall logs to Radiant Security. {% hint style="info" %} **Note**: SonicWall does not have the capability of sending logs using TCP and Secure Syslog without the use of an intermediary syslog relay server. {% endhint %} ### **Prerequisites** * [ ] SonicWall: Full Admin User in Config Mode ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**. 3. Search for and select the **Radiant Agent** option and then click **Data Feeds.** 4. Under **Select your data feeds**, select **SonicWall Firewall Syslog** and then click **Credentials.** 5. Under **Credential Name,** give the credential an identifiable name (e.g. `Radiant Agent Integration`). If you already have a Radiant Agent in place, select it from the drop-down menu. 6. Click **Add Connector.** ### Configure a local Radiant Security Agent Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs. ### Configure the SonicWall Firewall 1. Login to your SonicWall Firewall. 2. On the top navigation bar, click **Device.**

3. On the left navigation list, click **Log > Settings.**

4. Set the **Logging Level** as **Informative,** and the **Alert Level** as **Alert.** Click **Accept** to save the changes.

5. On the **Category** column, expand the **Network** category and then expand **TCP.** 6. Enable the **Syslog** toggle for the following entries, while leaving the rest as default: * **TCP LAN DENY** * **TCP Connection Reject** * **TCP Connection Abort** 7. On the **TCP Connection Reject** and **TCP Connection Abort** entries, click the **debug** text under the **Priority** column, and change it to **inform**.

8. Still under **Network,** expand the **UDP** category to make sure the three entries have the **Syslog** toggle enabled. If not, enable all three of them.

9. Click **Accept** to save the changes. 10. On the left navigation list, click **Log > Syslog.**

11. Click **Enhanced Syslog Fields Settings** and verify that each field is toggled on. Click **Save.**

12. Click **Syslog Servers,** and then click **Add**. Fill in the page with the following details: * **Event Profile**: 0 * **Name or IP Address**: Enter the name or IP address of your syslog server. 13. Click **Create an Address Object** and add the following settings: * **Name**: `Radiant Security Syslog Connector` * **Zone** **Assignment**: LAN * **Type**: Host * **IP** **Address**: Enter the **IP** **address** of your local Radiant Agent deployed previously.

14. Click **Save** and then click **Go Back.** 15. Continue adding the remaining settings: * **Port**: Enter the port configured in your Radiant Agent to receive SonicWall Firewall data * **Server Type**: Syslog Server * **Syslog Format**: Enhanced Syslog * **Syslog Facility**: Local use 0 * **Syslog ID**: Leave it empty * **Enable Event Rate Limiting**: Disabled * **Enable Data Rate Limiting**: Disabled 16. Click **Add** to save your changes.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sonicwall-network-syslog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.