SonicWALL Internet Security Appliances manual

5.Syslog Server - In addition to the standard event log, the SonicWALL can send a detailed log to an external Syslog server. The SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. The SonicWALL Syslog support requires an external server running a Syslog daemon on UDP Port 514.

Syslog Analyzers such as WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data.

Enter the Syslog server name or IP address in the Add Syslog Server field. Messages from the SonicWALL are then sent to the servers. Up to three Syslog Server IP addresses can be added.

If the SonicWALL is managed by SGMS, however, the Syslog Server fields cannot be configured by the administrator of the SonicWALL.

6.E-mail Log Now - Clicking E-mail Log Now immediately sends the log to the address in the Send Log To field and then clears the log.

7.Clear Log Now - Clicking Clear Log Now deletes the contents of the log.

8.Send Log / Every / At - The Send Log menu determines the frequency of log e-mail messages: Daily, Weekly, or When Full. If the Weekly option is selected, then enter the day of the week the e-mail is sent in the Every menu. If the Weekly or the Daily option is selected, enter the time of day when the e-mail is sent in the At field. If the When Full option is selected and the log fills up, it is e-mailed automatically.

9.When log overflows - The log buffer fills up if the SonicWALL cannot e-mail the log file. The default behavior is to overwrite the log and discard its contents. However, you can configure the SonicWALL to shut down and prevent traffic from traveling through the SonicWALL if the log is full.

10.Syslog Individual Event Rate (seconds/event) - The Syslog Individual Event Rate setting prevents repetitive messages from being written to Syslog. If duplicate events occur during the period specified in the Syslog Individual Event Rate field, they are not written to Syslog as unique events. Instead, the additional events are counted, and then at the end of the period, a message is written to the Syslog that includes the number of times the event occurred.

The Syslog Individual Event Rate default value is 60 seconds and the maximum value is 86,400 seconds (24 hours). Setting this value to 0 seconds sends all Syslog messages without filtering.

11.Syslog Format - You can choose the format of the Syslog to be Default or WebTrends. If you select WebTrends, however, you must have WebTrends software installed on your system.

Page 94 SonicWALL Internet Security Appliance Administrator’s Guide