Coming from NSA devices, the log retention on the TZ300 seems to be extremely short. I am consistently seeing about 1 hour in the Event Log. I've reset to the Default logging template. Is this normal for this device?
Answers
Hi @badgenes
Depending on which NSA you're coming from, but Gen6 (TZ 300-600, NSA x600) do not have any kind of storage. It's AFAIK just a 32KB ring-buffer which will not hold for long.
Gen 6.5 (NSA x650) and Gen 7 do provide onboard storage for local logs. It was one of the weak points in the past for appliances not logging to a central system.
--Michael@BWC
Got you, that sounds like what I'm seeing. What is the recommended method for offloading? Syslog or something else?
Hi @badgenes
There are a couple of options provided by SonicWall, like GMS (near end of life) or NSM for that matter. You should give them a try to see if they fit your needs.
On the other hand, you can use any syslog or NetFlow/IPFIX based solution for long-term logging; this requires a lot of customization but probably gives better results in the end.
--Michael@BWC
I would recommend using a syslog server; it can be anything you want, such as FastVue or Graylog and such.
https://www.graylog.org/products/open-source