SonicWall Firewall
Overview
SonicWall Firewall ingests and normalizes logs from SonicWall firewall devices in LogPoint. Once ingested, you can explore and analyze the data using LogPoint's search capabilities and available analytics for this integration, including dashboards, reports, and alerts. This gives you clear visibility into malicious IP addresses, severities, user activities, bandwidth usage, and administrative tasks detected by the firewall on your network, enabling faster detection, compliance, and response.
The integration includes:
Syslog Collector to retrieve raw logs from SonicWall Firewall devices and ingest them into LogPoint for processing.
Syslog Parser to extract key fields from raw SonicWall logs.
SonicFirewallCompiledNormalizer and SonicWallAventailCompiledNormalizer to convert the parsed logs into a standardized format for consistent analysis across LogPoint.
Dashboard package (LP_SonicWall Firewall) which provides a graphical and interactive overview of SonicWall activities, highlighting patterns including malicious IP addresses, severities, user activities, bandwidth usage, and administrative tasks. It allows you to quickly spot unusual behavior, monitor compliance, and track operational changes over time.
Normalization packages (LP_SonicWall SMA, LP_SonicWall SMA Process) that provide specialized normalization for SonicWall Secure Mobile Access (SMA) appliances.
When SonicWall Firewall logs show threats, malicious activity, or events that pose a risk to your environment, the integration's predefined alert rules trigger security alerts in LogPoint, enabling early detection and corrective action.
Supported Events
Supported SonicWall products and versions:
SonicWall Firewall (all versions)
SonicWall Secure Mobile Access (SMA)
SonicWall log types:
Traffic Events: Connection attempts, session establishment, traffic flows, bandwidth usage
Security Events: Malicious IP detection, intrusion attempts, security violations
User Activity Events: User login/logout, authentication events, user sessions
Administrative Events: Configuration changes, admin actions, system modifications
Severity Events: Event classification by severity levels (0-7)
Network Events: Port activity, source/destination tracking, protocol usage