Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Log Suppression on TZ 570?

CCSI_NOCCCSI_NOC Newbie ✭
edited March 2022 in Entry Level Firewalls

I have a SonicWall TZ 570 that's generating a very high volume of similar log messages, all of which are being sent to a log receiver. For example the following:

Possible TCP Flood on IF X1 - src: <src_ip:port> dst: <dst_ip:port>" n=8 fw_action="NA" auditId=0

They are all targeting the outside interface of the firewall and not reaching the internal network, so I don't believe there is any use to blocking any source IP addresses in this case. Is there any way to disable/suppress log messages like this based on certain parameters (ie. src or dst IP) as to not over-tax our log receiver? I did notice the "Disable Event" option, but I worry that this will disable "Possible TCP Flood" logs altogether, which is not what we want to accomplish.

**Note: we've determined the logs in this example to be benign, and so we are looking to suppress ones targeting the outside interface while still being alerted to anything targeting our internal network.

Category: Entry Level Firewalls
Reply
This discussion has been closed.