Comments
-
I figured it out. Apparently I have the Syslog configured to send only "notice" or higher priority messages. Connection opened was set to Inform. I changed it to Notice and I am now receiving the messages! Hopefully this will help with my initial query of defining accepted and dropped connections within my SIEM tool.
-
To further add to this, it looks like the Event ID for Connection Opened is 98 - I don't have a single event 98 from my SonicWall in my SIEM tool. Could there be some other setting preventing this message ID from transmitting? I am receiving other messages in this category, just not "connection opened."
-
Thanks for the reply. I do have that enabled. However, when I disable NAT messages in the Log configuration, I am only seeing "dropped" messages come through to my syslog receiver.
-
You can enable access to the SQL Server from a specific host in the DMZ through policy. Depending on your policies and risk profile, it might be a good practice to isolate the SQL Server further from the LAN. If SQL is in the LAN everything on the LAN will have full access. If it's in a different network, policy can be…
-
@MustafaA thank you very much for the reply. That is useful information. Do you know if there is documentation around Syslog messaging as it relates to firewall rule processing? My current conundrum is that it appears that all traffic gets a NAT rule Syslog message, but no NAT rule Syslog messages will indicate if traffic…