SonicOS/X 7 Device Log

Syslog Settings

The Device > Log > Syslog page enables you to configure the various settings you want when you send the log to a Syslog server. You can choose the Syslog facility and the Syslog format.

If you are using SonicWall’s Global Management System (GMS) to manage your firewall, the Syslog Format is set to Default and the Syslog ID is set to firewall. Therefore, these fields are grayed-out and cannot be modified. All other fields, however, can still be customized as needed.

To configure Syslog settings on your firewall:

  1. Navigate to the Device > Log > Syslog page.

  2. In the Syslog ID field, enter the Syslog ID. The default is firewall.

    A Syslog ID field is included in all generated Syslog messages, prefixed by id=. Therefore, for the default value, firewall, all Syslog messages include id=firewall. The ID can be set to a string consisting of 0 to 32 alphanumeric and underscore characters.

  3. The Syslog Facility might be left as the factory default. Optionally, however, from the Syslog Facility drop-down menu, select the Syslog Facility appropriate to your network:

    Syslog Facility
    Kernel | UUCP Subsystem | Local Use 0
    User-Level Messages | Clock Daemon (BSP Linux) | Local Use 1
    Mail System | AUTHPRV Security/Authorization Messages | Local Use 2
    System Daemons | FTP Daemon | Local Use 3
    Security/Authorization Messages | NTP Subsystem | Local Use 4
    Messages Generated Internally by syslogd | Log Audit | Local Use 5
    Line Printer Subsystem | Log Alert | Local Use 6
    Network News Subsystem | Clock Daemon (Solaris) | Local Use 7

  4. Limiting Saved Records - You can limit the maximum number of events logged to prevent the internal or external logging mechanism from being overwhelmed by logged events. Use the Enable Data Rate Limiting option to do this.

    Data rate limiting is applied regardless of the Log Priority of individual events.

    Specify the maximum number of bytes in the Maximum Bytes Per Second field. The minimum is 0, the maximum is 1,000,000,000, and the default is 10,000,000 bytes per second.

  5. From the Syslog Format drop-down menu, select the Syslog format:

    Syslog Formats

    • Default: Default SonicWall Syslog format. This format is required for GMS or Reporting software.
    • WebTrends: WebTrends Syslog format. You must have WebTrends software installed on your system.
    • Enhanced Syslog: Enhanced SonicWall Syslog format.
    • ArcSight: ArcSight Syslog format. The Syslog server must be configured with the ArcSight Logger application to decode the ArcSight messages.

  6. If you selected:

    • Default or WebTrends, go to Step 14.
    • Enhanced Syslog, go to Step 7.
    • ArcSight, go to Step 11.

  7. (Optional) If you selected Enhanced Syslog, click the Enhanced Syslog Fields Settings Configure icon. The Enhanced Syslog Field Settings pop-up dialog displays.

  8. (Optional) Select the Enhanced Syslog options to log. By default, all options are selected; the Host (sn) and Event ID (m) options are dimmed as they cannot be changed. To:

    • Select all options, click Select All.
    • Deselect all options, click Clear All.
    • Select only some options, either:
      • Click Clear All, then select only those options to log.
      • Deselect only those options to not log.
  9. Click Save.

  10. Go to Step 14.

  11. Optionally, if you selected ArcSight, click the ArcSight CEF Fields Settings Configure icon. The ArcSight CEF Fields Settings pop-up dialog displays.

  12. Optionally, select the ArcSight options to log. By default, all options are selected; the Host and Event ID options are dimmed as they cannot be changed. To:

    • Select all options, click Select All.
    • Deselect all options, click Clear All.

    • Select only some options, either:

      • Click Clear All, then select only those options to log.
      • Deselect only those options to not log.
  13. Click Save.
  14. Optionally, specify the maximum number of events in the Maximum Events Per Second field; the minimum number is 0 per second, the maximum is 1000 per second, and the default is 1000. This option limits events logged to prevent the internal or external logging mechanism from being overwhelmed by log events.

    Event rate limiting is applied regardless of Log Priority of individual events.

  15. Optionally, specify the maximum number of bytes in the Maximum Bytes Per Second field; the minimum number is 0 bytes per second, the maximum is 1000000000 bytes per second, and the default is 10000000. This control limits data logged to prevent the internal or external logging mechanism from being overwhelmed by log events.

    Data rate limiting is applied regardless of Log Priority of individual events.

  16. Optionally, select Enable NDPP Enforcement for Syslog Server.
  17. Click Accept.
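
A collector-side check for the Syslog ID and Syslog Facility configured above, as an added example that is not part of the SonicWall documentation. It assumes each message arrives with a standard syslog `<PRI>` header (PRI = facility code x 8 + severity); the function name, the expected facility passed in, and the sample lines are constructed for illustration.

```python
import re

# Facility names as listed on the Syslog page, indexed by the standard
# syslog facility code (0-23), so FACILITIES[pri // 8] names the facility.
FACILITIES = [
    "Kernel", "User-Level Messages", "Mail System", "System Daemons",
    "Security/Authorization Messages",
    "Messages Generated Internally by syslogd", "Line Printer Subsystem",
    "Network News Subsystem", "UUCP Subsystem", "Clock Daemon (BSP Linux)",
    "AUTHPRV Security/Authorization Messages", "FTP Daemon", "NTP Subsystem",
    "Log Audit", "Log Alert", "Clock Daemon (Solaris)",
] + [f"Local Use {n}" for n in range(8)]

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')   # key=value or key="quoted value"
# Page rule for the Syslog ID: 0 to 32 alphanumeric and underscore characters.
ID_RE = re.compile(r"[A-Za-z0-9_]{0,32}")


def check_message(line, expected_id, expected_facility):
    """Hypothetical helper: return (fields, problems) for one received line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:       # 23 * 8 + 7 is the largest PRI
        return {}, ["missing or invalid <PRI> header"]
    facility = FACILITIES[int(m.group(1)) // 8]
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
    fields["_facility"] = facility
    problems = []
    if facility != expected_facility:
        problems.append(f"unexpected facility: {facility}")
    sid = fields.get("id")
    if sid is None:
        problems.append("no id= field")
    elif not ID_RE.fullmatch(sid):
        problems.append("id= violates the 0-32 [A-Za-z0-9_] rule")
    elif sid != expected_id:
        problems.append(f"unexpected Syslog ID: {sid}")
    return fields, problems


# Constructed sample lines (not captured from a real firewall).
SAMPLES = [
    '<134>id=firewall sn=SERIAL_PLACEHOLDER m=1 msg="constructed event"',
    '<38>id=firewall sn=SERIAL_PLACEHOLDER m=1 msg="constructed event"',
    '<134>id=branch-fw sn=SERIAL_PLACEHOLDER m=1 msg="constructed event"',
    '<134>sn=SERIAL_PLACEHOLDER m=1 msg="no id"',
]
```

Messages that fail either check are worth routing to a separate queue on the Syslog server, since they do not match what the firewall was configured to send.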
