SonicWall Firewall Log Reference

Log Samples

Learn what raw SonicWall Firewall events look like before they're processed in Logpoint. SonicWall Firewall logs typically follow a syslog format with key-value pairs.

Example Log Format:

<priority>timestamp firewall_name field1=value1 field2=value2 field3=value3 ...

Field Mapping

SonicWall Firewall fields are mapped to Logpoint standardized fields for consistent analysis.

Common Field Mappings (Examples):

  • SonicWall source address fields → source_address

  • SonicWall destination address fields → destination_address

  • SonicWall source port fields → source_port

  • SonicWall destination port fields → destination_port

  • SonicWall action fields → action

  • SonicWall user fields → user

  • SonicWall severity fields → severity

  • SonicWall message fields → message

  • SonicWall protocol fields → protocol
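The following parser is an added example, not Logpoint's normalizer: it reads the key-value syslog format shown above and applies the mappings in this list, keeping quoted values intact so that text inside a message cannot be mistaken for a real field. The SonicWall key names (src, dst, fw_action, usr, pri, msg, proto), the ip:port:interface address form, and the syslog_priority output name are assumptions, as this page does not list them.

```python
import re

# Assumed SonicWall keys (not given on this page) -> standardized field names.
FIELD_MAP = {
    "src": "source_address", "dst": "destination_address",
    "fw_action": "action", "usr": "user", "pri": "severity",
    "msg": "message", "proto": "protocol",
}
HEADER = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# key=value, where value is "quoted, with \" escapes" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Constructed sample line, not a captured event.
SAMPLE = (r'<134>2024-05-01T12:00:00Z fw01 pri=1 src=10.0.0.5:51514:X0 '
          r'dst=203.0.113.7:443:X1 proto=tcp/https fw_action="drop" '
          r'usr="alice" msg="Blocked \"fw_action=allow\" probe" n=42')


def parse_event(line):
    """Return (normalized, unmapped) dicts for one raw syslog line."""
    header = HEADER.match(line.strip())
    if header is None:
        raise ValueError("missing <priority> header")
    # syslog_priority is a name chosen for this example.
    normalized = {"syslog_priority": int(header.group(1))}
    unmapped = {}
    for pair in PAIR.finditer(header.group(2)):
        key, quoted, bare = pair.groups()
        value = bare if quoted is None else quoted.replace('\\"', '"')
        if key in ("src", "dst"):
            # Assumed address form: ip[:port[:interface]], IPv4 only.
            parts = value.split(":")
            normalized[FIELD_MAP[key]] = parts[0]
            if len(parts) > 1 and parts[1].isdigit():
                side = "source" if key == "src" else "destination"
                normalized[side + "_port"] = int(parts[1])
        elif key in FIELD_MAP:
            normalized[FIELD_MAP[key]] = value
        else:
            unmapped[key] = value  # keep unknown keys instead of dropping them
    return normalized, unmapped


if __name__ == "__main__":
    fields, extra = parse_event(SAMPLE)
    print(fields, extra)
```

In the sample, the quoted message contains the text fw_action=allow, yet the parsed action remains drop because the quoted value is consumed as a single token.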

Event Categories

SonicWall Firewall events are categorized for easier analysis:

  • Traffic Events: Connection tracking, session management, traffic flows

  • Security Events: Threat detection, intrusion attempts, malicious activity

  • User Events: Authentication, login/logout, user sessions

  • Administrative Events: Configuration changes, system modifications

  • IPS Events: Intrusion prevention system detections

  • Bandwidth Events: Data transfer, bandwidth consumption
