
SANS ISC: SonicWALL Setup - Internet Security | DShield SANS ISC InfoSec Forums

SonicWALL Setup
Syslog is one option, and easiest if you can send the logs to a Linux syslog server. I should easily be able to write a parser that will filter out extra lines once it is in syslog.

If I remember right, SonicWall also had the option to send logs as e-mail. Does this option still exist? I could resurrect support for that and include the newer versions. Can you set a "Subject" or just the "To" / "From" address? I think that was an issue in the past.

3322 Posts
ISC Handler
The LAN side of the firewall is pretty basic now that all serving has been moved to the cloud (20 or so devices behind a dynamic IP), but it wouldn't be out of the question to set up an unused box as the syslog server and let it run 24/7. Ideally, I was hoping to find a way to use the firewall to hold the logs and then automate a batch process for submission. As I started working with it, syslog seemed to be the only viable option.

You are correct about not being able to set the subject on e-mailed logs through the SonicWALL. The options are very limited and only allow setting the send to address, send schedule, log format (text/HTML e-mail, or CSV attachment), and a checkbox to include/exclude all log information. Oddly, there is a "Health Check E-mail Notification" option on the Log/Automation page that does allow you to set the subject line.

As a thought, do you think there is any possibility of e-mailing the log as a CSV file and dumping it to a selected folder on one of the workstations for parsing and submission? If the CSV can be parsed, that may be the easiest method.

2 Posts
E-mail would be another option. Parsing the CSV file should be simple. As far as sending it to us directly, maybe it does add some mail header identifying itself. Take a closer look at what the e-mails look like, or let me know if you need help with a quick parser for the CSV files (if you can capture them on a Linux system). Johannes

3322 Posts
ISC Handler
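
The syslog filtering discussed in this thread, as an added example that is not code from any of the posters or from DShield: it keeps only dropped-packet lines and extracts the source and destination fields. The key=value field names (`time`, `msg`, `src`, `dst`, `proto`), the `ip:port:interface` endpoint layout and the sample lines are assumptions based on the commonly seen SonicWALL syslog layout; compare them with your own device's output before relying on them.

```python
import ipaddress
import re

# Constructed sample lines (not real traffic). The layout is an assumption;
# the serial number is a placeholder.
SAMPLE = '''\
Mar  3 10:15:02 fw id=firewall sn=PLACEHOLDER time="2024-03-03 10:15:02" fw=203.0.113.10 pri=5 c=64 m=36 msg="TCP connection dropped" n=12 src=198.51.100.7:51234:X1 dst=203.0.113.10:23:X1 proto=tcp/23
Mar  3 10:15:09 fw id=firewall sn=PLACEHOLDER time="2024-03-03 10:15:09" fw=203.0.113.10 pri=6 c=1024 m=98 msg="Connection Opened" n=3 src=192.168.1.20:40000:X0 dst=192.0.2.80:443:X1 proto=tcp/https
Mar  3 10:16:40 fw id=firewall sn=PLACEHOLDER time="2024-03-03 10:16:40" fw=203.0.113.10 pri=5 c=64 m=37 msg="UDP packet dropped" n=4 src=198.51.100.99:5060:X1 dst=203.0.113.10:5060:X1 proto=udp/5060
Mar  3 10:17:00 fw sshd[311]: unrelated line from another daemon
'''

# key=value, where the value is either "quoted with spaces" or a bare token.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(line):
    """Return the key=value pairs of one log line as a dict, unquoting values."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def endpoint(value):
    """Split 'ip:port:iface' (IPv4 only) into (ip, port); raise ValueError on a bad IP."""
    parts = value.split(":")
    ip = str(ipaddress.ip_address(parts[0]))
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return ip, port

def dropped_packets(lines):
    """Yield (time, src_ip, src_port, dst_ip, dst_port, proto) for dropped-packet lines."""
    for line in lines:
        f = parse_fields(line)
        if "dropped" not in f.get("msg", "").lower():
            continue  # filter out the extra lines (opens, admin events, other daemons)
        if "src" not in f or "dst" not in f:
            continue
        try:
            sip, sport = endpoint(f["src"])
            dip, dport = endpoint(f["dst"])
        except ValueError:
            continue  # malformed address: skip rather than submit bad data
        yield f.get("time", ""), sip, sport, dip, dport, f.get("proto", "").split("/")[0]

if __name__ == "__main__":
    for rec in dropped_packets(SAMPLE.splitlines()):
        print("\t".join(str(x) for x in rec))
```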
