Log Monitor length seems limited
I support about a dozen different TZ firewalls - currently running version 6.5.4.6-79n (but I have seen the problem in all previous firmware). If I try to show the last 7 days (for example), all I can see is the last 2-4 hours. Why is that? Is the memory on even the TZ600 not large enough to store any more?
Best Answer
Saravanan Moderator
Hi @ratherman,
Thank you for visiting SonicWall Community.
The built-in log buffer size on the SonicWall is limited. The ROM in the SonicWall is shared by all firewall features and hence this limitation is in existence. This limitation is across all firewall models.
Please refer to the web link below for other technical details on the Log Buffer Size.
To overcome the log buffer size, there is external storage that we can set up on the SonicWall and have the historical logs stored on it. Not only historical logs, even the syslog and tracelog entries can be stored on the external storage device.
Please refer to the web link below for the info on external storage available in accordance with SonicWall appliance.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Answers
I set up a process many years ago starting with PRO 100’s which has served me well over the years.
I established a separate email account to receive Sonicwall logs.
I have the logs sent to that address when they’re full.
I use M$365 and the following applies to Outlook.
I have rules established to move the inbound emails to separate folders for each Sonicwall I’m monitoring (presently 6).
I’ve determined that I almost never have to go back more than 4 weeks to begin investigating an issue, so I use a Folder Policy to delete emails older than 4 weeks.
If there’s a problem or issue that I start investigating and I want to keep logs older than 4 weeks I move them to an investigative folder so that they aren't automatically deleted.
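The per-firewall routing, 4-week retention and investigative-folder exemption described in the answer above, sketched in Python as an added example (not the poster's Outlook rules and not SonicWall code). The sender-to-folder mapping, the folder names and the sample messages are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

RETENTION = timedelta(weeks=4)    # the answer's 4-week folder policy
HOLD_FOLDER = "Investigation"     # hypothetical name; exempt from pruning
# Assumption: each firewall mails its log from its own sender address.
SENDER_TO_FOLDER = {"fw-hq@example.com": "FW-HQ",
                    "fw-branch1@example.com": "FW-Branch1"}

def file_message(mailbox, raw):
    """Parse one raw message and file it under its firewall's folder."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sent = parsedate_to_datetime(msg["Date"])
    if sent.tzinfo is None:       # a "-0000" zone parses as naive; treat as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    folder = SENDER_TO_FOLDER.get(sender, "Unsorted")
    mailbox.setdefault(folder, []).append((sent, raw))
    return folder

def hold(mailbox, folder, needle):
    """Move messages containing `needle` from `folder` to the hold folder."""
    items = mailbox.get(folder, [])
    moving = [m for m in items if needle in m[1]]
    mailbox[folder] = [m for m in items if needle not in m[1]]
    mailbox.setdefault(HOLD_FOLDER, []).extend(moving)
    return len(moving)

def prune(mailbox, now):
    """Drop messages older than RETENTION everywhere except the hold folder."""
    removed = 0
    for folder, items in mailbox.items():
        if folder == HOLD_FOLDER:
            continue
        kept = [m for m in items if now - m[0] <= RETENTION]
        removed += len(items) - len(kept)
        mailbox[folder] = kept
    return removed

def sample(sender, date, subject):   # builds a constructed test message
    return f"From: {sender}\nDate: {date}\nSubject: {subject}\n\n(log body)\n"

if __name__ == "__main__":
    box, now = {}, datetime(2024, 3, 29, 12, 0, tzinfo=timezone.utc)
    file_message(box, sample("fw-hq@example.com", "Thu, 29 Feb 2024 09:00:00 +0000", "log 1"))
    file_message(box, sample("fw-hq@example.com", "Mon, 25 Mar 2024 08:00:00 +0000", "log 2"))
    hold(box, "FW-HQ", "log 1")   # keep the old log for an investigation
    print(prune(box, now), {f: len(m) for f, m in box.items()})
```

Messages from senders not in the mapping land in "Unsorted" and are still subject to the retention window, so an unrecognised or renamed firewall shows up there rather than being lost silently.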