
Log examples of SonicWall Email Security Appliance

JodyNW Newbie ✭
edited July 2022 in Email Security Software

Hi,

I want to monitor on the Emergency and Alert logs of the product SonicWall Email Security Appliance. I can't seem to find what kind of logs will be seen from both severity levels. I found the image below,


but I'd like to know the following:

  1) What kind of logs fall under an Emergency and Alert log type?
  2) What kind of events/actions will trigger an Emergency and Alert log, so I can understand real-life scenarios?
  3) What kind of 'easy and safe' events/actions will trigger an Emergency and Alert log, so I can also trigger some test events?
  4) Can someone provide example logs for the Emergency and Alert log types, so I can parse the logs correctly?

Thank you in advance!


Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @JodyNW I'm self-promoting one of my older thoughts, if you don't mind. It's still the same as mentioned at the end of this one: only one event per successfully received mail, nothing more, no difference between the severities.

    --Michael@BWC

  • JodyNW Newbie ✭

    Hi Michael@BWC ,

    Thank you for your swift response!

    I do notice that I get a lot of logging when setting it to severity 'debug'. The logs show me ALL the received e-mails as logs. It would have been interesting to receive only the critical alerts. I was thinking that maybe the logs for the Emergency and Alert ones would be along the lines of system shutdowns or system interruptions.

    What do you think?

  • BWC Cybersecurity Overlord ✭✭✭

    @JodyNW I'm currently running at the DEBUG severity to gather everything and only got two different kinds of Event-IDs, ES-Alert and EmailSecurity. I cannot tell from the events at which severity the events will be logged.

    ES-Alert shows something like that:

    Summary="Manual backup is complete for globalsettings, ousettings, usersettings at 2022-04-18 12:10:19" Description="Manual backup complete" RecommendedAction=""

    Summary="Your Anti-Spam license will expire on Jul 31, 2022" Description="Your Anti-Spam license will expire on Jul 31, 2022. If you opted for Auto Renewal, please ignore this alert. Please contact SonicWall to renew otherwise." RecommendedAction="Please contact SonicWall to renew"

    Summary="Thumbprint database files are stale" Description="The following thumbprint databases have not received scheduled updates: DC " RecommendedAction="Check to see if the MlfASGUpdater/MlfThumbUpdate and the MlfAsgSMTP/Gateway services are running. Test connectivity to the data center (see URL below)."

    Summary="Thumbprint database files are stale" Description="The following thumbprint databases have not received scheduled updates: AT HT UC " RecommendedAction="Check to see if the MlfASGUpdater/MlfThumbUpdate and the MlfAsgSMTP/Gateway services are running. Test connectivity to the data center (see URL below)."

    On the other hand, the EmailSecurity events seem to be equivalent to the Message Log: all incoming and outgoing mails get reported back. But they are only quasi-useful; outgoing mails are not shown as delivered, nor to which IP they were delivered.

    All the trouble information for daily operation (like bad SMTP connections etc.) is hidden behind an unuseful interface for logfile gathering.

    --Michael@BWC

  • JodyNW Newbie ✭
    edited July 2022

    Thank you so much for the help @BWC!

    Good to know that there are two types of logs for the DEBUG mode.

    I keep this thread open in the hopes that someone could shed some light on the EMERGENCY and ALERT modes.

  • BWC Cybersecurity Overlord ✭✭✭

    @JodyNW I activated the logging of priority in my rsyslog configuration and it seems that all events come in as local4.info ... will check back in a couple of days when hopefully some other ES-Alerts have come in.

    --Michael@BWC

  • BWC Cybersecurity Overlord ✭✭✭

    @JodyNW license expiration warnings came in as local4.warning ... so it's not all Info after all.

    --Michael@BWC
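An added example, not from this thread or from SonicWall, that parses the ES-Alert key="value" lines quoted above and uses the facility.severity prefix rsyslog adds when priority logging is enabled, so that events that arrived as local4.warning (the license expiry) can be separated from the routine local4.info ones. The sample lines are constructed from the quoted events; the `facility.severity EventID body` layout of each line is an assumption about the rsyslog template, and `needs_attention` is a hypothetical triage rule.

```python
import re
from collections import Counter

# Constructed sample log: ES-Alert bodies quoted in the thread, prefixed with the
# facility.severity that rsyslog would emit with a priority-logging template
# (assumed layout "local4.info ES-Alert Summary=... Description=... RecommendedAction=...").
SAMPLE_LOG = """\
local4.info ES-Alert Summary="Manual backup is complete for globalsettings, ousettings, usersettings at 2022-04-18 12:10:19" Description="Manual backup complete" RecommendedAction=""
local4.warning ES-Alert Summary="Your Anti-Spam license will expire on Jul 31, 2022" Description="Your Anti-Spam license will expire on Jul 31, 2022. If you opted for Auto Renewal, please ignore this alert. Please contact SonicWall to renew otherwise." RecommendedAction="Please contact SonicWall to renew"
local4.info ES-Alert Summary="Thumbprint database files are stale" Description="The following thumbprint databases have not received scheduled updates: DC " RecommendedAction="Check to see if the MlfASGUpdater/MlfThumbUpdate and the MlfAsgSMTP/Gateway services are running. Test connectivity to the data center (see URL below)."
"""

# facility.severity, then the event id, then the key="value" body
LINE_RE = re.compile(r'^(?P<facility>\w+)\.(?P<severity>\w+)\s+(?P<event>\S+)\s+(?P<body>.*)$')
# key="value" pairs; values may contain commas, periods and colons, and may be empty
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return a dict with facility, severity, event and the body's fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update(KV_RE.findall(rec.pop('body')))
    return rec


def parse_log(text):
    """Parse every well-formed line, silently skipping anything that does not match."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def severity_counts(records):
    """How many events arrived at each facility.severity (e.g. 'local4.warning')."""
    return Counter(f"{r['facility']}.{r['severity']}" for r in records)


def needs_attention(rec):
    # Hypothetical triage rule: anything above info, or any ES-Alert that
    # ships a non-empty RecommendedAction (the stale thumbprint DB case).
    return rec['severity'] != 'info' or bool(rec.get('RecommendedAction'))
```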

  • JodyNW Newbie ✭

    @BWC , Hi Michael, thanks for enabling it and looking into it! Interesting find :)
