Configuring Syslog Settings

To configure the Syslog settings on your firewall:
1. Go to the Log > Syslog page.
2. The Syslog Facility may be left at the factory default. Optionally, in the Syslog Settings section, select the Syslog Facility appropriate to your network from the Syslog Facility menu:
3
4. From the Syslog Format menu, select the Syslog format that you want:
   Default – Use the default SonicWall Syslog format.
   WebTrends – Use the WebTrends Syslog format. You must have WebTrends software installed on your system.
   Enhanced Syslog – Use the Enhanced SonicWall Syslog format.
   ArcSight – Use the ArcSight Syslog format. The Syslog server must be configured with the ArcSight Logger application to decode the ArcSight messages. ArcSight Logger runs on a Linux 64-bit platform with CentOS 5.4.

   If you select Enhanced Syslog or ArcSight, the configure icon becomes active. Clicking the configure icon launches a configuration dialog where you can select the specific settings that you want to log.

5. If you selected Default or WebTrends, go to Step 13.
6. (Optional) If you selected Enhanced Syslog, click the configure icon. The Enhanced Syslog configuration dialog appears.

7. (Optional) Select the Enhanced Syslog options that you want to log. To select all options, click Select All. To deselect all options, click Clear All.
8. Click Save.
9
10. (Optional) If you selected ArcSight, click the configure icon. The ArcSight configuration dialog appears.

11. (Optional) Select the ArcSight options that you want to log. To select all options, click Select All. To deselect all options, click Clear All.
12. Click Save.
13. In the Syslog ID field, enter the Syslog ID that you want.

    A Syslog ID field is included in all generated Syslog messages, prefixed by "id=". Thus, for the default value, firewall, all Syslog messages include "id=firewall". The ID can be set to a string consisting of 0 to 32 alphanumeric and underscore characters.

    NOTE: The Syslog ID field is fixed to firewall when the Override Syslog Settings with Reporting Software Settings option is enabled and therefore cannot be modified.
14. (Optional) Select Enable Event Rate Limiting if you want it. This control allows you to enable rate limiting of events to prevent the internal or external logging mechanism from being overwhelmed by log events. Specify the maximum number of events in the Maximum Events Per Second field; the minimum number is 0, the maximum is 1000, and the default is 1000 per second.
15. (Optional) Select Enable Data Rate Limiting if you want it. This control allows you to enable rate limiting of data to prevent the internal or external logging mechanism from being overwhelmed by log events. Specify the maximum number of bytes in the Maximum Bytes Per Second field; the minimum number is 0, the maximum is 1000000000, and the default is 10000000 bytes per second.
16. (Optional) Select Enable NDPP Enforcement for Syslog Server if you want it.
17
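
The Syslog ID from Step 13 can be checked on the Syslog server side. The following is an added example, not SonicWall code: it extracts the "id=" field from received messages, applies the 0 to 32 alphanumeric/underscore rule, and flags messages whose ID is missing, malformed, or not one you configured. The key=value message layout, the sample messages, and the EXPECTED_IDS set are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Rule from Step 13: 0 to 32 alphanumeric and underscore characters.
SYSLOG_ID_RE = re.compile(r"[A-Za-z0-9_]{0,32}")
# Assumption: the ID appears as an id=<value> token; the lookbehind keeps
# keys that merely end in "id" (for example "uid=") from matching.
ID_FIELD_RE = re.compile(r"(?<![A-Za-z0-9_])id=(\S*)")

# Constructed: the Syslog IDs configured on the firewalls you expect to hear from.
EXPECTED_IDS = {"firewall", "branch_fw_02"}

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    '<134>id=firewall m=98 msg="Connection Opened"',
    '<134>id=branch_fw_02 m=98 msg="Connection Opened"',
    '<134>id=lab_fw m=98 msg="Connection Opened"',     # valid form, not expected
    '<134>id=branch-fw m=98 msg="Connection Opened"',  # hyphen is not allowed
    '<134>uid=7 m=98 msg="Connection Opened"',         # no id= field at all
]


def is_valid_syslog_id(value):
    """True if value satisfies the Syslog ID character and length rule."""
    return SYSLOG_ID_RE.fullmatch(value) is not None


def extract_syslog_id(message):
    """Return the value of the first id= token, or None if absent."""
    match = ID_FIELD_RE.search(message)
    return match.group(1) if match else None


def audit(messages, expected_ids):
    """Count verdicts per message and collect every message that is not 'ok'."""
    counts, flagged = Counter(), []
    for msg in messages:
        sid = extract_syslog_id(msg)
        if sid is None:
            verdict = "missing_id"
        elif not is_valid_syslog_id(sid):
            verdict = "malformed_id"
        elif sid not in expected_ids:
            verdict = "unknown_id"
        else:
            verdict = "ok"
        counts[verdict] += 1
        if verdict != "ok":
            flagged.append((verdict, msg))
    return counts, flagged


if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED_IDS))
```

If the Override Syslog Settings with Reporting Software Settings option is enabled, every firewall reports "id=firewall", so the ID alone no longer distinguishes devices.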