Means to add event ID to syslog
Mithun_Haridas
Newbie ✭
in SSL VPN
id=firewall sn=********* time="2024-10-08 03:21:34 UTC" fw=***.**.**.*** pri=6 c=262144 m=98 msg="Connection Opened" sess="vpnc" n=6788850 usr="*****.*****@********.**" src=**.***.**.***:******:X1 dst=***.**.**.***:***:X1 proto=tcp/https sent=52 dpi=0 vpnpolicy="WAN GroupVPN" fw_action="NA"
This is the syslog that I currently receive from SonicWall VPN. Here I had already created rules based on the priority level; now I need to create rules based on the events.
Is there any means to add an event ID to syslog?
Category: SSL VPN
0
Best Answers
BWC Cybersecurity Overlord ✭✭✭
@Mithun_Haridas the Event ID is the value of "m=" in your syslog.
—Michael@BWC
1
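To make the accepted answer concrete, here is an added example (not code from this thread, from SonicWall or from Wazuh): a small Python parser for the SonicWall key=value syslog format that pulls out the m= field as the Event ID and evaluates a rule table keyed on that ID instead of on pri=. The sample input is the masked log line from the question; the rule table and rule names are constructed for illustration, and the reading of pri= as a syslog-style severity (lower number is more severe) is an assumption.

```python
import re
from typing import Dict, List, Optional

# One key=value pair in SonicWall's syslog format. The value is either a
# double-quoted string (may contain spaces, e.g. msg="Connection Opened")
# or a bare run of non-space characters (e.g. m=98, proto=tcp/https).
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample input: the masked log line from the question, copied as-is.
SAMPLE_LINE = (
    'id=firewall sn=********* time="2024-10-08 03:21:34 UTC" fw=***.**.**.*** '
    'pri=6 c=262144 m=98 msg="Connection Opened" sess="vpnc" n=6788850 '
    'usr="*****.*****@********.**" src=**.***.**.***:******:X1 '
    'dst=***.**.**.***:***:X1 proto=tcp/https sent=52 dpi=0 '
    'vpnpolicy="WAN GroupVPN" fw_action="NA"'
)


def parse_sonicwall_syslog(line: str) -> Dict[str, str]:
    """Split a SonicWall key=value line into a dict; a repeated key keeps the last value."""
    fields: Dict[str, str] = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def event_id(fields: Dict[str, str]) -> Optional[int]:
    """The SonicWall Event ID is the m= field, as the accepted answer states."""
    value = fields.get("m")
    return int(value) if value is not None and value.isdigit() else None


# Hypothetical rule table (constructed for this example, not Wazuh rule syntax):
# each rule keys on the Event ID and may also require a session type or a
# maximum priority value.
RULES = [
    {"name": "vpn_connection_opened", "event_id": 98, "sess": "vpnc"},
    {"name": "any_high_priority", "max_pri": 3},
]


def match_rules(fields: Dict[str, str], rules=RULES) -> List[str]:
    """Return the names of rules whose conditions all hold for this event."""
    eid = event_id(fields)
    hits: List[str] = []
    for rule in rules:
        if "event_id" in rule and eid != rule["event_id"]:
            continue
        if "sess" in rule and fields.get("sess") != rule["sess"]:
            continue
        # Assumption: pri= is a syslog-style severity, lower = more severe.
        if "max_pri" in rule:
            pri = fields.get("pri")
            if pri is None or not pri.isdigit() or int(pri) > rule["max_pri"]:
                continue
        hits.append(rule["name"])
    return hits


if __name__ == "__main__":
    parsed = parse_sonicwall_syslog(SAMPLE_LINE)
    print("event id:", event_id(parsed), "msg:", parsed["msg"])
    print("matched rules:", match_rules(parsed))
```

The Wazuh equivalent is a decoder that captures the m= value into its own field and rules that match on that field rather than on pri=; the parser above only shows the split that such a decoder has to perform, including the quoted values with embedded spaces.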
Answers
Can you elaborate more about your objective? Do you have the intent to customize Syslog events or introduce a new event?
Actually I am planning to create new rules for Sonicwall VPN in Wazuh.
Now I have created some rules tagging the priority level of the VPN. But I need to create the rules more specifically; for that I need to get the event IDs. Currently the syslog that I receive does not contain the event ID of the SonicWall.
So is it possible to include the Event ID to the syslog that I receive?
Hope my question is clear.
Can you elaborate on what you need, what is "Event ID" - are you referring to something like the Windows event_id?
https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-4-log-events-reference-guide.pdf
In the above pdf from page 10 onwards Event ID is mentioned.
I am not getting these IDs in the log that is being forwarded in syslog. So how do I include the Event ID seen in the console in the log that I receive, which is being forwarded in syslog?
@BWC Thank you for the response.
Can you mention the regular firewall traffic event IDs also?
e.g. one source to one destination traffic allowed, traffic denied