SonicOS 7.0 Objects
- SonicOS 7.0
- Match Objects
- Zones
- How Zones Work
- Default Zones
- Security Types
- Allow Interface Trust
- Effect of Wireless Controller Modes
- Zones Overview
- The Zones Page
- Adding a New Zone
- Adding a New Zone in Policy Mode
- Adding a New Zone in Classic Mode
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Cloning a Zone
- Editing a Zone
- Deleting Custom Zones
- Addresses
- Addresses Page
- About UUIDs for Address Objects and Groups
- Working with Dynamic Address Objects
- Services
- URI Lists
- Schedules
- Dynamic Group
- Email Addresses
- Match Objects
- Countries
- Applications
- Web Categories
- Websites
- Match Patterns
- Custom Match
- Profile Objects
- Endpoint Security
- Bandwidth
- QoS Marking
- Content Filter
- DHCP Option
- Block Page
- Anti-Spyware
- Gateway Anti-Virus
- Log and Alerts
- Intrusion Prevention
- AWS
- Action Profiles
- Security Action Profile
- DoS Action Profile
- Action Objects
- App Rule Actions
- Content Filter Actions
- Object Viewer
- SonicWall Support
Adding Log and Alerts Profiles
To add a Log and Alert Profile
- Navigate to OBJECT | Profile Objects > Log and Alerts.
-
Click the Add icon.
By the default, General tab opens.
- Enter a Name for Log and Alerts Profile.
-
Set the Frequency Filter Interval (secs) between reports.
- The Frequency Interval (secs) controls how many seconds to countdown from before logging another occurrence of the same Event Message ID. The range of interval is 0 to 86400 seconds.
- In general, most messages seen on Log Monitor are logged at one occurrence for every 60 seconds. Most Syslog messages are generated at one occurrence every 60 seconds. Most e-mail alerts are sent at one occurrence every 900 seconds.
- To allow all occurrences with no filtering, a value of zero should be configured.
-
Set the General options of the Log and Alerts Profile.
Display Events in Log Monitor To display the log events in the Log Monitor. Send Events as E‐mail Alerts To send events as e-mail alerts.
When this option is enabled, enter the e-mail address in the Send Alerts to E-Mail Address field to send the events.
Report Events via Syslog To report events through Syslog.
The Syslog Profile can be found in DEVICE | Log > Syslog > Syslog Servers tab.
When this option is enabled, enter the Sylog Profile you would like to use.
Report Events via IPFIX To report events by way of IPFIX. - Click the Color box and set the specific color for Log Monitor display.
-
Click the Events tab.
-
Enable the Events options of the Log and Alerts Profile.
Policy Matched When a security rule is matched, the log message id=1640 Policy Matched is originated from the rule lookup when a new flow is encountered.
Report Begin When a connection associated with a rule is opened or started, this controls whether the log message id=98 Connection Opened is originated. If disabled, there will be no Connection Opened log message generated for the packets or flow associated with this log profile.
Report End This controls whether the closing or ending of the connection is reported using log message ids (97 Syslog Website Accessed or 537 Connection Closed). These two messages (97, 537) are essentially the same except for extra Web Stream information included in (97) because it is generated for Web Stream types of connections that have non-zero traffic data. Non-Web Stream connections use (537). An exception for Web Stream connection that has zero traffic data will also use (537) since there will be no extra Web Stream information inspected.
- Click Save.
- Click Close to go back to Log and Alerts page.
Was This Article Helpful?
Help us to improve our support portal