Number of records in System Logs
Why does the firewall show only a few hundred logs at most? In the settings (/Monitor/Logs/System Logs) there is a selection showing that the limit can be up to 8000. Never before in my TZ370 has the number exceeded 1000.
Is it like that in all of them?
Best Answers
BWC Cybersecurity Overlord ✭✭✭
@Mariusz no, the TZ 470 does not come with secondary store, the TZ 670 is the only one of the TZ series. The selection of Primary is greyed out and cannot be selected, but Secondary can, even if it is not installed, which obviously will not work.
—Michael@BWC
0 -
BWC Cybersecurity Overlord ✭✭✭
@Mariusz yes, 02-SSC-3114 is the correct SKU for the 32 GB Secondary Storage which fits into the TZ 370.
If you're sure that having the System Logs on the Appliance without further analysis is enough, then it's a viable solution.
If you have the chance to do external logging via syslog, then you would have all possibilities for any kind of analysis. But this requires additional tools, like Graylog, FastVue, NSM etc. for getting the raw data into a nicer form.
—Michael@BWC
1
Answers
@Mariusz the TZ 370 does not have any storage for holding the logs, just a simple ring buffer (32 KB?). If it's filled up, all the older events vanish.
The lower left corner of the table shows the max number of records available. The screenshot shows a TZ 670 for example, which comes with internal storage.
—Michael@BWC
@BWC Can this buffer be increased?
I really don't understand why they made it so tiny.
Even 1MB is nothing compared to gigabytes of RAM.
What do you mean by internal storage?
Maybe you mean External Storage?
@Mariusz sadly, the buffer cannot be increased; this was and still is a pain point with SonicWall Firewalls.
Sorry for the confusion, the correct term would be Primary and Secondary storage, both of them are "internal" (SSD). The TZ 670 comes with Secondary storage which can be used for saving logs. Primary storage cannot be used for logs, only on NSa 4700 and up.
—Michael@BWC
@BWC Thank you for the explanation. You write that TZ 670 comes with Secondary storage which can be used for saving logs - yes it has 32 GB built in. Please explain one more thing to me. On the screen you posted we see available "secondary storage device" and this is TZ470. Does this TZ470 have any additional storage? What is this storage?
Thanks, that explains a bit. With firmware 7.1.2 the windows look a bit different (see livedemo).
The descriptions have the names Secondary, External, Internal, Flexible - it's a bit confusing. The module is named External and in the GUI it's shown as Secondary. I'm planning to buy Storage Module M.2 SATA 32GB (02-SSC-3114). So after adding External Storage module (M.2 SATA) it will be possible to save system logs there?
@BWC Thank you very much for all the explanations.
I wonder if SonicWall will allocate more RAM (increase the buffer size) for logs in future firmware. I think it's worth doing.