syslog facility
Best Answer
It's been a decade since I had to do this with Windows as the host; Kiwi Syslog was what I used then. Going with syslog-ng is also a standard approach, though I am not sure if it's free for Windows. HTH
Answers
That normally depends on what OS you want to use to host your syslog server. Most *nix OSes have either syslog-ng or rsyslog installed. Both can do the job of receiving that syslog feed. HTH
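For the *nix route described in that answer, an rsyslog drop-in that receives a firewall's syslog feed and writes it to one file per sending host per day. This is an added example, not configuration from the original thread or from any vendor; the listener address (192.0.2.10), the log directory and the ruleset name are assumptions and should be changed to match your server.

```conf
# /etc/rsyslog.d/10-firewall.conf  (added example; paths and address are assumptions)

# Load the UDP listener and bind it only to the management/LAN address,
# so the receiver is not exposed on every interface (UDP syslog is unauthenticated).
module(load="imudp")
input(type="imudp" port="514" address="192.0.2.10" ruleset="fw")

# One file per sending host and per day, keeping remote logs apart from local ones.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")

ruleset(name="fw") {
    # Restrictive modes: only root and the adm group can read the firewall logs.
    action(type="omfile" dynaFile="PerHostFile"
           dirCreateMode="0750" fileCreateMode="0640"
           dirOwner="root" dirGroup="adm" fileOwner="root" fileGroup="adm")
    # Stop here so remote messages do not also land in the host's own /var/log/messages.
    stop
}
```

After `systemctl restart rsyslog`, point the firewall at 192.0.2.10:514/udp and confirm the feed with a test message from another box, e.g. `logger -n 192.0.2.10 -P 514 -d "syslog test"`, then check that a file appeared under /var/log/remote/. Note that these files stay on the collector only as long as your local rotation keeps them, so set logrotate for /var/log/remote/*/ accordingly.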
I believe the server on which the syslog daemon has to be installed is a Windows one. Any suggestion derived from your experience? Thanks
For what it's worth, we use Kiwi and it does its job. Haven't really gone into it to take full advantage of all its capabilities, use it mostly as a backup log system for our Sonicwall and network infrastructure.
Interestingly enough, I installed it because we were having issues with our TZ400 randomly rebooting itself. The SonicWall is "supposed" to keep trace logs and TSR logs in nonvolatile memory, but after each reboot they were basically empty. In an effort to find any bread crumbs that might explain what led up to the reboots, I installed a syslog server. Alas, to no avail, as there was absolutely nothing captured that would give us a clue. We upgraded to a TZ470, not without its own issues, but the random reboots stopped. We maintain the syslog anyway as a log backup, in case there may be some kind of useful information recorded there.
Russ
Thanks for sharing @RussF.
Do you know that for the new Gen 7 TZ, like the 470, you have the option to buy a memory module (M.2 connection) to have logs constantly saved on this second storage? They start from 32 GB up to 512 GB. Every day the firewall saves a variable number of CSV files with all the logs archived. You can download them and look inside even after a firewall reboot. Another way to have recovery data.
Regards.
Thank you @Enzino78. Yes, I contemplated adding the flexible storage module when we upgraded, but opted out since we already had the syslog server set up.
Russ