• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Device
  • Device Log Introduction
• Settings
  • Filtering the Base Setup View
  • Configuring the Logging and Alert Levels
    • Setting the Logging Level
    • Setting the Alert Level
  • About Other Top Row Buttons
    • Edit Attributes of All Categories
    • Reset All Event Counts
    • Save Template
    • Import Template
      • Default Template
      • Minimal Template
      • Analyzer/ViewPoint/GMS Template
      • Firewall Action Template
      • Custom Template
    • View Logs
  • About the Log Settings Base Setup Table
    • Category Column
    • Color Column
    • ID Column
    • Priority Column
    • GUI Column
    • Alert Column
    • Syslog Column
    • Internet Protocol Flow Information Export (IPFIX) Column
    • Email Column
    • Event Count Column
    • Edit and Reset Count Icons
  • Configuring Event Attributes Globally
  • Configuring Event Attributes Selectively
    • Configuring Event Attributes by Category
    • Configuring Event Attributes by Group
    • Configuring Event Attributes by Event
    • About Filename Logging
• Syslog
  • About Event Profiles
  • About Syslog Server Profiling
  • Using a GMS/Analytics Server for Syslog
  • Syslog Settings
  • Syslog Servers
    • Adding a Syslog Server
    • Editing a Syslog Server
    • Enabling Syslog Servers
    • Disabling Syslog Server
    • Deleting Syslog Servers
• Automation
  • Email Settings
  • Mail Server Settings
  • FTP Log Automation
• Name Resolution
• Reports
  • Data Collection
  • View Data
  • Backup Logs Information
• AWS
  • Enabling AWS Logs
• SonicWall Support
  • About This Document

Syslog

Syslog and NetFlow are two different technologies that serve different purposes. Syslog is a logging protocol used to collect and store log messages from devices on a network, while NetFlow is a network protocol used to collect and analyze network traffic data.

When it comes to the usage of both technology, whether to use Syslog or NetFlow depends on the specific needs and requirements. Both technologies can be useful for different purposes, and it may be beneficial to use both in combination to gain a comprehensive view of network activity.

Here are some potential benefits of using Syslog over NetFlow:

Benefits of Syslog over NetFlow

Syslog	NetFlow
Syslog is widely supported by a variety of devices and systems, making it a flexible and universal logging solution.	NetFlow provides more detailed and granular information about network traffic, including source and destination IP addresses, port numbers, and protocol types. This can be useful for identifying patterns and trends in network usage, and for troubleshooting performance issues.
Syslog can be configured to send log messages to a central server, allowing for easy storage and centralized management of log data.	NetFlow data can be analyzed in real-time, allowing network administrators to quickly identify and respond to potential issues as they arise.
Syslog can be used to collect and store log messages from a variety of sources, including servers, routers, switches, and other network devices.	NetFlow is more efficient than Syslog, as it uses a standardized and compressed format for data transmission. This can be beneficial in environments with high volumes of network traffic, as it can reduce the load on network devices and servers.

In addition to displaying event messages in the GUI, the SonicWall security appliance can send the same messages to an external, user-configured Syslog Server for viewing. The Syslog message format can be selected in Syslog Settings and the destination Syslog Servers can be specified in the Syslog Servers table.

SonicWall Syslog captures all log activity and includes every connection source and destination name and/or IP address, IP service, and number of bytes transferred. SonicWall Syslog support requires an external server running a Syslog daemon; the UDP Protocol is configurable.

SonicWall has fully compatible Syslog viewers, such as GMS / Analyzer that can generate useful reports based on received Syslog messages. When GMS or Analyzer has been enabled, the destination hosts are automatically added as one of the Syslog Servers. Other Syslog Servers can be added as needed. For more information about adding Syslog Servers, see About Event Profiles.

SonicWall Syslog support requires an external server running a Syslog daemon on a UDP Portocol. The default , but you can choose a different .

Packet data can be sent to Syslog Servers. For information on how to configure this option, contact SonicWall Support.

• About Event Profiles
• About Syslog Server Profiling
• Using a GMS/Analytics Server for Syslog
• Syslog Settings
• Syslog Servers