Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1239
  • Last Modified:

Sonicwall TZ100, howto enable seeing blocked sessions in logging?

Hi,

I have this Sonicwall TZ100 with latest firmware.
Logging doesn't show blocked sessions. Please advise what to enable to see this.
I can configure what to see in logging but don't find what exactly could enable this.

Furthermore I'd like also to have my logs kept somewhere but not in my mail (what is the case now, it's send weekly). Is that possible (on a share or so?).
Then I'd need to be informed on serious issues by mail only (intrusion alerts etc).

Please advise.

J.
0
janhoedt
Asked:
janhoedt
  • 2
1 Solution
 
btanExec ConsultantCommented:
From the admin guide (Part 15 - chapter 66 to 72 on log related) or online, the syslog should has the rule trigger. You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=112

It is preferred that the logs are send to syslog server (see below) which you can further process it as needed, and most of the time is also as for compliance. The box has limit in log storage for long term

http://www.sonicwall.com/us/en/support/2213.html?Browser=chrome+32.0.1700.76&FormURL=http%3A%2F%2Fwww.sonicwall.com%2Fus%2Fen%2Fsupport.html&keyword=Sonicwall+TZ100+enable+logging

You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports.
0
 
janhoedtAuthor Commented:
Thanks, but "Logging doesn't show blocked sessions. Please advise what to enable to see this. I can configure what to see in logging but don't find what exactly could enable this."
I know how not what.
0
 
btanExec ConsultantCommented:
So you are meaning the  log category views does not show the blocked attempts, even for legacy categories such which may included "blocked" session

Attacks - Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing.
Blocked Java, etc. - Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance.
Blocked Web Sites - Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
Denied LAN IP - Logs all LAN IP addresses denied by the SonicWALL security appliance.
Dropped ICMP - Logs blocked incoming ICMP packets.
Dropped TCP - Logs blocked incoming TCP connections.
Dropped UDP - Logs blocked incoming UDP packets.
User Activity - Logs successful and unsuccessful log in attempts.

I guess it is the Alert in the log category or the view log's category content such as "Rule" not showing or referring to any meaningful block attempts as expected. Then what about
- from syslog itself there is also no blocked attempt seen?
-from Viewpoint reporting?
-exported log?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now