SonicOS 7.1 Device Log
- SonicOS 7.1
- About SonicOS
- About Device
- Settings
- Syslog
- Automation
- Name Resolution
- Reports
- AWS
- SonicWall Support
Adding a Syslog Server
To add a Syslog server to the firewall.
- Go to Device > Log > Syslog page.
- Click Syslog Servers tab.
- Click Add. The Add Syslog Server dialog appears.
- Specify the Event Profile for this server in the Event Profile field. The minimum value is 0 (1 group), the maximum is 23 (24 groups), and the default is 0. Each group can have a maximum of 7 Syslog servers.
For GMS, the Event Profile must be 0.
- Select the Syslog server name or IP address from the Name or IP Address drop-down menu. Messages from the firewall are then sent to the servers.
- If your Syslog server does not use default port 514, type the port number in the Port field.
- Select the Server Type from the drop-down options. select Syslog Server or Analyzer.
- From the Syslog Format drop-down menu, select the Syslog format:
- The Syslog Facility might be left as the factory default. Optionally, however, from the Syslog Facility drop-down menu, select the Syslog Facility appropriate to your network:
For GMS, the Syslog format must be Local Use 0.
- In the Syslog ID field, enter the Syslog ID. The default is firewall.
A Syslog ID field is included in all generated Syslog messages, prefixed by id=. Therefore, for the default value, firewall, all Syslog messages include id=firewall. The ID can be set to a string consisting of 0 to 32 alphanumeric and underscore characters.
- Optionally, to limit events logged and therefore, prevent the internal or external logging mechanism from being overwhelmed by log events, select Enable Event Rate Limiting.
Event rate limiting is applied regardless of Log Priority of individual events.
Specify the maximum number of events in the Maximum Events Per Second field; the minimum number is 0, the maximum is 1000, and the default is 1000 per second.
- Optionally, to limit events logged and therefore, prevent the internal or external logging mechanism from being overwhelmed by log events, select Enable Data Rate Limiting.
Data rate limiting is applied regardless of Log Priority of individual events.
Specify the maximum number of bytes in the Maximum Bytes Per Second field; the minimum is number is 0, the maximum is 1000000000, and the default is 10000000 bytes per second. This control limits data logged to prevent the internal or external logging mechanism from being overwhelmed by log events.
- To Bind To VPN Tunnel and Create Network Monitor Policy in NDPP mode:
- Optionally, choose an interface from the Local Interface drop-down menu.
- Optionally, choose an Interface from the Outbound Interface drop-down menu.
- Click Add.
Was This Article Helpful?
Help us to improve our support portal