In addition to the standard event log, the SonicWALL security appliance can send a detailed log to an external Syslog server. The SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. The SonicWALL Syslog support requires an external server running a Syslog daemon on UDP Port 514. Syslog Analyzers such as SonicWALL ViewPoint or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data. Messages from the SonicWALL security appliance are then sent to the server(s). Up to three Syslog server IP addresses can be added.
• Syslog Facility - Allows you to select the facilities and severities of the messages based on the syslog protocol.
• Override Syslog Settings with ViewPoint Settings - Check this box to override Syslog settings, if you’re using SonicWALL ViewPoint for your reporting solution.
– Syslog Event Redundancy Filter (seconds) - This setting prevents repetitive messages from being written to Syslog. If duplicate events occur during the period specified in the Syslog Event Redundancy Rate field, they are not written to Syslog as unique events. Instead, the additional events are counted, and then at the end of the period, a message is written to the Syslog that includes the number of times the event occurred. The Syslog Event Redundancy Filter default value is 60 seconds and the maximum value is 86,400 seconds (24 hours). Setting this value to 0 seconds sends all Syslog messages without filtering.
– Syslog Format - You can choose the format of the Syslog to be Default or WebTrends. If you select WebTrends, however, you must have WebTrends software installed on your system.
Note: If the SonicWALL security appliance is managed by SonicWALL GMS, the Syslog Server fields cannot be configured by the administrator of the SonicWALL security appliance.
• Enable Event Rate Limiting - This control allows you to enable rate limiting of events to prevent the internal or external logging mechanism from being overwhelmed by log events.
• Enable Data Rate Limiting - This control allows you to enable rate limiting of data to prevent the internal or external logging mechanism from being overwhelmed by log events.
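
The Syslog Event Redundancy Filter described above changes what a collector sees, so line counts on the Syslog server understate how often an event occurred. The following Python model is an added example, not SonicWALL code. It assumes the first occurrence is written immediately and the end-of-period message carries the number of additional events; the event keys, record layout and function names are constructed for illustration.

```python
MAX_WINDOW = 86_400  # maximum filter value stated on the page (24 hours)

def redundancy_filter(events, window):
    """Model of the filter. events: iterable of (ts_seconds, key).
    Returns sorted (ts, key, count, kind) records that reach Syslog."""
    if not 0 <= window <= MAX_WINDOW:
        raise ValueError("window must be between 0 and 86400 seconds")
    if window == 0:  # 0 sends every message without filtering
        return sorted((ts, key, 1, "event") for ts, key in events)
    out, open_windows = [], {}  # key -> [window_start, suppressed_count]
    for ts, key in sorted(events):
        # Close windows that have ended and emit their summary record.
        for k in [k for k, (start, _) in open_windows.items() if ts >= start + window]:
            start, n = open_windows.pop(k)
            if n:
                out.append((start + window, k, n, "summary"))
        if key in open_windows:
            open_windows[key][1] += 1      # duplicate inside the period: count only
        else:
            open_windows[key] = [ts, 0]    # first occurrence is written as-is
            out.append((ts, key, 1, "event"))
    for k, (start, n) in open_windows.items():  # flush windows still open
        if n:
            out.append((start + window, k, n, "summary"))
    return sorted(out)

def total_occurrences(records, key):
    """What a collector must do: sum the counts, not count the lines."""
    return sum(n for _, k, n, _ in records if k == key)

# Constructed sample: (seconds, event key); addresses are documentation ranges.
A = "login denied src=192.0.2.10"
B = "port scan src=198.51.100.7"
SAMPLE = [(0, A), (5, A), (10, A), (15, A), (20, A), (30, B), (70, A), (75, A)]

if __name__ == "__main__":
    for rec in redundancy_filter(SAMPLE, 60):
        print(rec)
```

With the default 60-second value, the eight sample events reach Syslog as five records, so threshold-based alerting on the server should sum the reported counts rather than count lines.
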
To add syslog servers to the SonicWALL security appliance
Step 1
Step 2 - Type the Syslog server name or IP address in the Name or IP Address field. Messages from the SonicWALL security appliance are then sent to the servers.
Step 3 - If your syslog is not using the default port of 514, type the port number in the Port Number field.
Step 4 - Click OK.
Step 5