syslog facility

Hello Community, do you have any experience in setting up the syslog forwarding feature within an SMA 500V, or generally a 100 Series? Which syslog daemon do you suggest using?

Thanks, Regards.

Category: Secure Mobile Access Appliances
Best Answer

  • CORRECT ANSWER
    iamabrokenman Enthusiast ✭✭
    Answer ✓
    It's been a decade since I had to do this with Windows as the host; Kiwi Syslog was what I used then. Going with syslog-ng is also a standard approach, though I am not sure if it's free for Windows. HTH

Answers

  • iamabrokenman Enthusiast ✭✭

    That normally depends on what OS you want to use to host your syslog server. Most *nix OSes have either syslog-ng or rsyslog installed. Both can do the job of receiving that syslog feed. HTH

  • Enzino78 Enthusiast ✭✭

    I believe the server on which the syslog daemon has to be installed is a Windows one. Any suggestion derived from your experience? Thanks

  • RussF Newbie ✭

    For what it's worth, we use Kiwi and it does its job. Haven't really gone into it to take full advantage of all its capabilities, use it mostly as a backup log system for our SonicWall and network infrastructure.

    Interestingly enough, I installed it because we were having issues with our TZ400 randomly rebooting itself. The SonicWall is "supposed" to keep trace logs and TSR logs in nonvolatile memory, but after each reboot they were basically empty. In an effort to find any bread crumbs that might explain what led up to the reboots, I installed a syslog server. Alas, to no avail though, as there was absolutely nothing captured that would give us a clue. We upgraded to a TZ470 - not without its own issues, but the random reboots stopped. We maintain the syslog anyway just for a log backup just in case there may be some kind of useful information recorded there.

    Russ

  • Enzino78 Enthusiast ✭✭

    Thanks for sharing, @RussF.

    Do you know that for the new Gen7 TZ like the 470 you have the option to buy a memory module (M.2 connection) to have logs constantly saved on this second storage? They start from 32 GB and go up to 512 GB. Every day the firewall saves a variable number of CSV files with all the logs archived. You can download them and look inside, even after a fw reboot. Another way to have recovery data.

    Regards.

  • RussF Newbie ✭

    Thank you @Enzino78. Yes, I contemplated adding the flexible storage module when we upgraded, but opted out since we already had the syslog server set up.

    Russ
