CHAPTER 51: Configuring Log Automation

E-mail

Mail Server - to e-mail log or alert messages, enter the name or IP address of your mail server in the Mail Server field. If this field is left blank, log and alert messages are not

e-mailed.

Send Log To - enter your full e-mail address in the Send log to field to receive the event log via e- mail. Once sent, the log is cleared from the SonicWALL security appliance memory. If this field is left blank, the log is not e-mailed.

Send Alerts To - enter your full e-mail address (username@mydomain.com) in the Send alerts to field to be immediately e-mailed when attacks or system errors occur. Enter a standard e-mail address or an e-mail paging service. If this field is left blank, e-mail alert messages are not sent.

Send Log / Every / At - The Send Log menu determines the frequency of log e-mail messages: Daily, Weekly, or When Full. If the Weekly or Daily option is selected, then select the day of the week the e-mail is sent in the Every menu. If the Weekly or the Daily option is selected, enter the time of day when the e-mail is sent in the At field.

Syslog Servers

In addition to the standard event log, the SonicWALL security appliance can send a detailed log to an external Syslog server. The SonicWALL security appliance Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. The SonicWALL security appliance Syslog support requires an external server running a Syslog daemon on UDP Port 514.

Syslog Analyzers such as SonicWALL ViewPoint or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data.

To add syslog servers to the SonicWALL security appliance, click Add. The Add Syslog Server window is displayed.

1Enter the Syslog server name or IP address in the Name or IP Address field. Messages from the SonicWALL security appliance are then sent to the servers. Up to three Syslog Server IP addresses can be added.

2If your syslog is not using the default port of 514, enter the port number in the Port Number field.

3Click OK.

If the SonicWALL security appliance is managed by SGMS, however, the Syslog Server fields cannot be configured by the administrator of the SonicWALL security appliance.

304

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE

Page 323
Image 323
SonicWALL 3 manual Mail, Syslog Servers