Log > Categories
This chapter provides configuration tasks to enable you to categorize and customize the logging functions on your SonicWALL security appliance for troubleshooting and diagnostics.
Note You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports. For more information on the SonicWALL ViewPoint reporting tool, refer to www.sonicwall.com.
Log Severity/Priority
This section describes how to configure the priority level at which log messages are captured and the priority level at which corresponding alert messages are sent by e-mail for notification.
Logging Level
The Logging Level control filters events by priority. Events of equal or greater priority are passed, and events of lower priority are dropped. The Logging Level menu includes the following priority scale items, from highest to lowest priority:
• Alert
• Critical
• Error
• Warning
• Notice
Alert Level
The Alert Level control determines how E-mail Alerts are sent. An event of equal or greater priority causes an E-mail alert to be issued. Lower priority events do not cause an alert to be sent. Events are pre-filtered by the Logging Level control, so if the Logging Level control is set to a higher priority than that of the Alert Level control, only alerts at the Logging Level or higher are sent. Alert levels include:
• Alert
• Critical
• Error
Log Redundancy Filter
The Log Redundancy Filter defines the window, in seconds, during which repeated occurrences of the same attack are logged on the Log > View page as a single entry in the SonicWALL log. Many attacks are repeated in rapid succession, which would quickly fill the log if every occurrence were logged separately. The Log Redundancy Filter has a default setting of 60 seconds.
Alert Redundancy Filter
The Alert Redundancy Filter defines the window, in seconds, during which repeated occurrences of the same attack are logged on the Log > View page as a single entry in the SonicWALL log before an alert is issued. The Alert Redundancy Filter has a default setting of 900 seconds.
Log Categories
SonicWALL security appliances provide automatic attack protection against well known exploits. The majority of these legacy attacks were identified by telltale IP or TCP/UDP characteristics, and recognition was limited to a set of fixed layer 3 and layer 4 values. As the breadth and sophistication of attacks evolved, it has become essential to dig deeper into the traffic, and to develop the sort of adaptability that could keep pace with the new threats.
All SonicWALL security appliances, even those running SonicWALL IPS, continue to recognize these legacy port and protocol types of attacks. The current behavior on all SonicWALL security appliances is to prevent these legacy attacks automatically and as a whole, meaning that it is not possible to disable prevention of these attacks either individually or globally.
SonicWALL security appliances now include an expanded list of attack categories that can be logged.
The View Style menu provides the following three log category views:
• All Categories - Displays both Legacy Categories and Expanded Categories.
• Legacy Categories - Displays log categories carried over from earlier SonicWALL log event categories.
• Expanded Categories - Displays the expanded listing of categories, which includes the older Legacy Categories log events rearranged into the new structure.
The following table describes both the Legacy and Expanded log categories. Only part of the table survived extraction; cells that could not be recovered are left blank.
Category | Description
-------- | -----------
 | Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing
Authenticated Access | 
 | Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance
 | Logs Web sites or news groups blocked by the Content Filter List or by customized filtering
 | Logs all LAN IP addresses denied by the SonicWALL security appliance
Dynamic Address Objects | 
 | Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
Remote Authentication | 
SSO Agent Authentication | Logs Single Sign On (SSO) agent authentication attempts and activity
System Environment | 
System Maintenance | 
Managing Log Categories
The Log Categories table displays log category information organized into the following columns:
• Category - Displays log category name.
• Description - Provides description of the log category activity type.
• Log - Provides a checkbox for enabling/disabling the display of the category's log events on the Log > View page.
• Alerts - Provides checkbox for enabling/disabling the sending of alerts for the category.
• Syslog - Provides checkbox for enabling/disabling the capture of the log events into the SonicWALL security appliance Syslog.
• Event Count - Displays the number of events for that category. Clicking the Refresh button updates these numbers.
You can sort the log categories in the Log Categories table by clicking on a column header. For example, clicking on the Category header switches the sort from the default ascending order to descending order. An up or down arrow to the left of the column name indicates whether the column is sorted in ascending or descending order.
You can enable or disable Log, Alerts, and Syslog on a category-by-category basis by clicking the checkbox for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox in the column header.
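As an added example (not SonicWALL code), the following Python models how the Logging Level gate, the Alert Level gate and the two redundancy filters described under Log Severity/Priority interact with the per-category Log and Alerts switches from the Log Categories table. The event stream, the category name "Attacks", and the assumption that each redundancy filter is a fixed per-attack time window are constructed here.

```python
from dataclasses import dataclass, field

PRIORITY = {"Alert": 5, "Critical": 4, "Error": 3, "Warning": 2, "Notice": 1}


@dataclass
class LogPolicy:
    logging_level: str = "Notice"    # events of lower priority are dropped
    alert_level: str = "Critical"    # events at or above this raise an e-mail alert
    log_redundancy_s: int = 60       # Log Redundancy Filter default from the page
    alert_redundancy_s: int = 900    # Alert Redundancy Filter default from the page
    # Per-category Log / Alerts switches, as in the Log Categories table.
    categories: dict = field(default_factory=dict)
    last_log: dict = field(default_factory=dict)    # (category, attack) -> last log time
    last_alert: dict = field(default_factory=dict)  # (category, attack) -> last alert time

    def process(self, ts, priority, category, attack):
        """Return (logged, alerted) for one event at time ts (seconds)."""
        flags = self.categories.get(category, {"log": True, "alerts": True})
        # 1. Logging Level gate pre-filters everything, alerts included.
        if PRIORITY[priority] < PRIORITY[self.logging_level] or not flags["log"]:
            return (False, False)
        key = (category, attack)
        # 2. Log Redundancy Filter: same attack -> one entry per window (assumed model).
        last = self.last_log.get(key)
        logged = last is None or ts - last >= self.log_redundancy_s
        if logged:
            self.last_log[key] = ts
        # 3. Alert Level gate, then Alert Redundancy Filter on its own window.
        alerted = False
        if flags["alerts"] and PRIORITY[priority] >= PRIORITY[self.alert_level]:
            last_a = self.last_alert.get(key)
            if last_a is None or ts - last_a >= self.alert_redundancy_s:
                self.last_alert[key] = ts
                alerted = True
        return (logged, alerted)


def effective_alert_level(policy):
    """Alerts can only fire at the higher of Logging Level and Alert Level."""
    return max(policy.logging_level, policy.alert_level, key=PRIORITY.get)


def run_demo():
    """Constructed burst: a SYN Flood repeated every 10 s, then more events."""
    policy = LogPolicy(logging_level="Error", alert_level="Error",
                       categories={"Network Debug": {"log": False, "alerts": False}})
    events = [(t, "Critical", "Attacks", "SYN Flood") for t in range(0, 50, 10)]
    events += [(120, "Critical", "Attacks", "SYN Flood"),       # new log entry, no new alert
               (130, "Warning", "Attacks", "Ping of Death"),   # below Logging Level
               (140, "Alert", "Network Debug", "ARP problem")]  # category Log disabled
    return [policy.process(*e) for e in events]
```

Setting logging_level higher than alert_level shows the caveat from the page: an Error event never reaches the alert stage because the Logging Level gate drops it first.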