Mail Server - To e-mail log or alert messages, enter the name or IP address of your mail server in the Mail Server field. If this field is left blank, log and alert messages are not e-mailed.
Send log to - Enter your full e-mail address (username@mydomain.com) in the Send log to field to receive the event log via e-mail. Once sent, the log is cleared from the SonicWALL memory. If this field is left blank, the log is not e-mailed.
Send alerts to - Enter your full e-mail address (username@mydomain.com) in the Send alerts to field to be immediately e-mailed when attacks or system errors occur. Enter a standard e-mail address or an e-mail paging service. If this field is left blank, e-mail alert messages are not sent.
Firewall Name - The Firewall Name appears in the subject of e-mails sent by the SonicWALL. The Firewall Name is helpful if you are managing multiple SonicWALLs because it specifies the individual SonicWALL sending a log or an alert e-mail. By default, the Firewall Name is set to the SonicWALL serial number.
E-mail Log Now - Clicking E-mail Log Now immediately sends the log to the address in the Send log to field and then clears the log.
Clear Log Now - Clicking Clear Log Now deletes the contents of the log.
Syslog Server - In addition to the standard event log, the SonicWALL can send a detailed log to an external Syslog server. The SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. The SonicWALL Syslog support requires an external server running a Syslog daemon on UDP Port 514.
Syslog Analyzers such as WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data.
Enter the Syslog server name or IP address in the Add Syslog Server field. Messages from the SonicWALL are then sent to the servers. Up to three Syslog Server IP addresses can be added.
To delete a Syslog Server from the list, select the server entry and click Delete Syslog Server.
If the SonicWALL is managed by SonicWALL GMS, however, the Syslog Server fields cannot be configured by the administrator of the SonicWALL.
Send Log - The Send Log menu determines the frequency of log e-mail messages: Daily, Weekly, or When Full. If the Weekly option is selected, then enter the day of the week the e-mail is sent in the Every menu. If the Weekly or the Daily option is selected, enter the time of day when the e-mail is sent in the At field. If the When Full option is selected and the log fills up, it is e-mailed automatically.
When log overflows - The log buffer fills up if the SonicWALL cannot e-mail the log file. The default behavior is to overwrite the log (overwrite log) and discard its contents. However, you can configure the SonicWALL to shut down (Deactivate SonicWALL) and prevent traffic from traveling through the SonicWALL if the log is full.
Syslog Individual Event Rate (seconds/event) - The Syslog Individual Event Rate setting prevents repetitive messages from being written to Syslog. If duplicate events occur during the period specified in the Syslog Individual Event Rate field, they are not written to Syslog as unique events. Instead, the additional events are counted, and then at the end of the period, a message is written to the Syslog that includes the number of times the event occurred.
The Syslog Individual Event Rate default value is 60 seconds and the maximum value is 86,400 seconds (24 hours). Setting this value to 0 seconds sends all Syslog messages without filtering.
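The following Python sketch is an added example, not SonicWALL code. It models the Syslog Individual Event Rate behavior described above on a constructed event stream. The message text, the "(repeated N times)" summary wording, and the choice to report only the suppressed duplicates are assumptions; the page states only that a count is included.

```python
# Added illustration; models the behaviour described above, not SonicWALL firmware.
def rate_limit(events, rate):
    """events: time-ordered (seconds, message) pairs. Returns the lines written to Syslog."""
    if rate == 0:                      # 0 = send every message unfiltered
        return list(events)
    written = []
    open_windows = {}                  # message -> [window_start, suppressed_count]

    def flush(now):
        # Close every window whose period has ended by `now`.
        expired = sorted((start + rate, msg) for msg, (start, _) in open_windows.items()
                         if start + rate <= now)
        for end, msg in expired:
            _, suppressed = open_windows.pop(msg)
            if suppressed:
                # Summary wording is an assumption; the page only says a count is included.
                written.append((end, f"{msg} (repeated {suppressed} times)"))

    for t, msg in events:
        flush(t)
        if msg in open_windows:
            open_windows[msg][1] += 1  # duplicate inside the period: count, do not write
        else:
            written.append((t, msg))   # first occurrence is written as a unique event
            open_windows[msg] = [t, 0]
    flush(float("inf"))                # close windows still open at end of input
    return written

# Constructed sample: a burst of identical drops plus one unrelated event.
SAMPLE = [(0, "TCP connection dropped 10.0.0.5 -> 192.168.1.10:23"),
          (5, "TCP connection dropped 10.0.0.5 -> 192.168.1.10:23"),
          (20, "Administrator login failed"),
          (59, "TCP connection dropped 10.0.0.5 -> 192.168.1.10:23"),
          (61, "TCP connection dropped 10.0.0.5 -> 192.168.1.10:23")]

if __name__ == "__main__":
    for line in rate_limit(SAMPLE, 60):
        print(line)
```

With the default of 60 seconds, the duplicates at 5 and 59 seconds reach Syslog only as a count, so their individual timestamps are not available to a Syslog analyzer; a value of 0 preserves every event.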
Syslog Format - You can choose the format of the Syslog to be Default or WebTrends. If you select WebTrends, however, you must have WebTrends software installed on your system.
You can define which log messages appear in the SonicWALL Event Log. All Log Categories are enabled by default except Network Debug.
System Maintenance - Logs general system activity, such as automatic downloads of the Content Filter Lists, and system activations.
System Errors - Logs problems with DNS, e-mail, and automatic downloads of the Content Filter List.
Blocked Web Sites - Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
Blocked Java, etc. - Logs Java, ActiveX, and Cookies blocked by the SonicWALL.
User Activity - Logs successful and unsuccessful login attempts. Log messages regarding administrator login and logout events are also recorded when User Activity is selected.
VPN TCP Stats - Logs TCP connections over VPN tunnels.
Attacks - Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing.
Dropped TCP - Logs blocked incoming TCP connections.
Dropped UDP - Logs blocked incoming UDP packets.
Dropped ICMP - Logs blocked incoming ICMP packets.
Network Debug - Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
Denied LAN IP - Logs denied access IP addresses.
Alerts are events, such as attacks, which warrant immediate attention. When events generate alerts, messages are immediately sent to the e-mail address defined in the Send alerts to field. Attacks and System Errors are enabled by default; Blocked Web Sites is disabled.
Attacks - Log entries categorized as Attacks generate alert messages.
System Errors - Log entries categorized as System Errors generate alert messages.
Blocked Web Sites - Log entries categorized as Blocked Web Sites generate alert messages.
VPN Tunnel Status - Log entries categorized as VPN Tunnel Status generate alert messages.
Once you have configured the Log Settings, click Update. Once the SonicWALL is updated, a message confirming the update is displayed at the bottom of the window.