Does this information look incorrect or out-of-date? Please contact us at email@example.com.
The Dell SonicWALL security appliance can send event messages to an external, user-configured Syslog server for viewing. The Syslog message format can be selected in Syslog Settings and the destination Syslog Servers can be specified in the table of Syslog Servers. By default this is 514, but can be changed to one appropriate for SOC.OS Agent (eg 2514)
The Log > Syslog page enables you to configure the various settings you want, when you send the log to a Syslog server. You can choose the Syslog facility (classification type) and the Syslog format that you want.
If you are using Dell SonicWALL’s Global Management System (GMS) to manage your firewall, the Syslog Format is fixed to Default and the Syslog ID is fixed to firewall. Thus, these fields are greyed-out and can't be modified. All other fields, however, can still be customized as needed.
To configure Syslog settings on your firewall:
The Syslog ID field is fixed to firewall when the Override Syslog Settings with Reporting Software Settings option is enabled, and therefore, cannot be modified.
Event rate and data rate limiting are applied regardless of Log Priority of individual events.
(Optional) Select the Enable Data Rate Limiting if you want it. This control allows you to enable rate limiting of data to prevent the internal or external (SOC.OS agent) logging mechanism from being overwhelmed by log events. Specify the maximum number of bytes in the Maximum Bytes Per Second field; the minimum is number is 0, the maximum is 1000000000, and the default is 10000000 bytes per second.
When you’ve finished setting the Syslog options, click Accept at the top of the page.
To configure specific alert levels that will be forwarded to SOC.OS, visit the Log>Settings page
The Logging Level allows you to filter events by priority. Events with equal or greater priority are passed. Events with a lower priority are dropped. This enables you to filter out lower level priorities to prevent them being logged in the system and sent to SOC.OS
On the Log > Settings page, you can set the baseline logging level to be displayed on the Log Monitor page. The following logging levels are available for selection:
To set the logging level:
To enable the Syslog forwarding of alerts for, On the Log > Settings page, the columns show the main event attributes that can be configured on different levels: category, group, or each event.
Set the Event Attributes by category level by selecting a specific category and clicking the Configure button to launch the Edit Log Category window. You can then select the Syslog checkbox for specific categories . Any changes done here apply to all groups and all events within the selected category.